Trojan-Clicker.Win32.Delf.qt

3 views
Skip to first unread message

Desert Rat

unread,
Oct 5, 2006, 10:47:27 AM10/5/06
to
Using FSecure with up to date defs. Today it flagged a downloaded
program (WordWeb) as infected with Trojan-Clicker.Win32.Delf.qt.
FSecure was unable to delete it but I was able to using Win Explorer.
FSecure now shows a .exe file in one of the System Restore files as
having the same infection. I have looked extensively at all the AV
vendor's sites for any info on this variation but nothing is listed.
The closest I've found is a Trojan-Clicker.Win32.Delf.cl listed on
Kasperky's site. I can remove it I'm sure by turning of System Restore
and then rebooting but I'm reluctant to do this if it's just a false
positive. Anybody have any info on this?

Damian

unread,
Oct 5, 2006, 11:07:25 AM10/5/06
to

Get a better AV. Mine deleted that same shite without any effort.


Desert Rat

unread,
Oct 5, 2006, 12:51:32 PM10/5/06
to

Be that as it may regarding your opinion on my choice of AV software do
you have any information in regards to the focus of my post which was
Trojan-Clicker.Win32.Delf.qt?

kurt wismer

unread,
Oct 5, 2006, 2:01:31 PM10/5/06
to

no, he doesn't... he's one of a number of people who've setup camp in
acv in order to disrupt it - ignore him...

chances are that if you're seeing a report of malware in your system
restore with the same name as malware you just removed from outside of
system restore then you're probably dealing with the same thing - it
should be no more false than what you've already removed... if you're
concerned that what you already removed might have been a false alarm
then leave the system restore alone for now and try and see if anything
on your system is 'broken'...

in future, if you suspect your av is issuing a false positive, try
submitting the suspect file to virustotal for a second (and 3rd, and
4th, and nth) opinion and/or try contacting the vendor's support team
to find out if anyone else has come across a similar false alarm...

Desert Rat

unread,
Oct 5, 2006, 2:50:12 PM10/5/06
to

Thanks for the reply Kurt. I don't normally respond to non-helpful or
immaterial posts but I thought perhaps the poster had information
relevant to the issue. Obviously not...nuff said.

The one concern I have regarding this is that there is no mention
anywhere of this particular variation. I ran a couple of different
online scans of the indicated file and received negative reports. I
think I'll wait a day or so and see if maybe new defs from FSecure
clear up the warning. I have found in the past that irregardless of the
brand AV software I've used they will occasionally release a definition
file that returns erroneous alerts.

kurt wisemer

unread,
Oct 5, 2006, 3:20:52 PM10/5/06
to
Desert Rat wrote:

> kurt wismer wrote:
>
> Thanks for the reply Kurt. I don't normally respond to non-helpful or
> immaterial posts but I thought perhaps the poster had information
> relevant to the issue. Obviously not...nuff said.

You just did it again.


kurt wismer

unread,
Oct 5, 2006, 3:39:08 PM10/5/06
to

Desert Rat wrote:
[snip]

> The one concern I have regarding this is that there is no mention
> anywhere of this particular variation.

nobody's online encyclopedia has complete coverage of all malware they
detect, i'm afraid... it's been that way for as long as i can
remember... i couldn't even find a listing for
Trojan-Clicker.Win32.Delf.qt in vgrep... the name suggests it's
click-fraud malware but that's about all i can tell you...

> I ran a couple of different
> online scans of the indicated file and received negative reports. I
> think I'll wait a day or so and see if maybe new defs from FSecure
> clear up the warning. I have found in the past that irregardless of the
> brand AV software I've used they will occasionally release a definition
> file that returns erroneous alerts.

yup, very true... nothing is perfect, but if the people making it are
doing their job properly then it should always be getting better...

Clay

unread,
Oct 5, 2006, 4:04:46 PM10/5/06
to
On 5 Oct 2006 12:39:08 -0700, "kurt wismer" <ku...@sympatico.ca>
wrote:

>
>Desert Rat wrote:
>[snip]
>> The one concern I have regarding this is that there is no mention
>> anywhere of this particular variation.
>
>nobody's online encyclopedia has complete coverage of all malware they
>detect, i'm afraid... it's been that way for as long as i can
>remember... i couldn't even find a listing for
>Trojan-Clicker.Win32.Delf.qt in vgrep... the name suggests it's
>click-fraud malware but that's about all i can tell you...

fwiw, this is the closest I could find... Trojan-Clicker.Win32.Delf.q
http://www.viruslist.com/en/viruses/encyclopedia?virusid=38840

Suggests it's related to: Trojan-Clicker.Win32.Delf.cl

>> I ran a couple of different
>> online scans of the indicated file and received negative reports. I
>> think I'll wait a day or so and see if maybe new defs from FSecure
>> clear up the warning. I have found in the past that irregardless of the
>> brand AV software I've used they will occasionally release a definition
>> file that returns erroneous alerts.
>
>yup, very true... nothing is perfect, but if the people making it are
>doing their job properly then it should always be getting better...

That should be a big "IF" ... but I know you don't use any caps.

--
Clay mania dot com

kurt wismer

unread,
Oct 5, 2006, 10:56:51 PM10/5/06
to
Clay wrote:
> On 5 Oct 2006 12:39:08 -0700, "kurt wismer" <ku...@sympatico.ca>
> wrote:
>> Desert Rat wrote:
>> [snip]
>>> The one concern I have regarding this is that there is no mention
>>> anywhere of this particular variation.
>> nobody's online encyclopedia has complete coverage of all malware they
>> detect, i'm afraid... it's been that way for as long as i can
>> remember... i couldn't even find a listing for
>> Trojan-Clicker.Win32.Delf.qt in vgrep... the name suggests it's
>> click-fraud malware but that's about all i can tell you...
>
> fwiw, this is the closest I could find... Trojan-Clicker.Win32.Delf.q
> http://www.viruslist.com/en/viruses/encyclopedia?virusid=38840
>
> Suggests it's related to: Trojan-Clicker.Win32.Delf.cl

well, theoretically *all* Trojan-Clicker.Win32.Delf's should be related
since they all have the same name and only differ in the variant
identifier...

whether qt is similar in symptomology or functionality to q or cl is
anybody's guess without documentation specific to that variant... qt is
probably quite a bit further along in the revision process than q or cl
(462 compared to 17 or 90)... they should have the same basic core code
but who knows what's tacked on in addition...

[snip]


>> yup, very true... nothing is perfect, but if the people making it are
>> doing their job properly then it should always be getting better...
>
> That should be a big "IF" ... but I know you don't use any caps.

are you trying to tell me that i'm more optimistic than you are? i
didn't think i was more optimistic than anybody...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Desert Rat

unread,
Oct 6, 2006, 12:39:13 AM10/6/06
to

Having now run two complete system scans without any repeat of the
original alert (including the suspect file in the System Restore
folders) I wonder if it is safe to assume that I'm now clean? I guess
I'll also monitor the AV sites for any further information on this
variant. Thanks to all for your help and suggestions.

Clay

unread,
Oct 6, 2006, 8:25:11 AM10/6/06
to
On Thu, 05 Oct 2006 22:56:51 -0400, kurt wismer <ku...@sympatico.ca>
wrote:

>Clay wrote:
>> On 5 Oct 2006 12:39:08 -0700, "kurt wismer" <ku...@sympatico.ca>
>> wrote:
>>> Desert Rat wrote:
>>> [snip]
>>>> The one concern I have regarding this is that there is no mention
>>>> anywhere of this particular variation.
>>> nobody's online encyclopedia has complete coverage of all malware they
>>> detect, i'm afraid... it's been that way for as long as i can
>>> remember... i couldn't even find a listing for
>>> Trojan-Clicker.Win32.Delf.qt in vgrep... the name suggests it's
>>> click-fraud malware but that's about all i can tell you...
>>
>> fwiw, this is the closest I could find... Trojan-Clicker.Win32.Delf.q
>> http://www.viruslist.com/en/viruses/encyclopedia?virusid=38840
>>
>> Suggests it's related to: Trojan-Clicker.Win32.Delf.cl
>
>well, theoretically *all* Trojan-Clicker.Win32.Delf's should be related
>since they all have the same name and only differ in the variant
>identifier...

Yup, that's obvious.
http://www.viruslist.com/en/virusesdescribed?chapter=153317864
"This primitive Trojan..."

>whether qt is similar in symptomology or functionality to q or cl is
>anybody's guess without documentation specific to that variant... qt is
>probably quite a bit further along in the revision process than q or cl
>(462 compared to 17 or 90)... they should have the same basic core code
>but who knows what's tacked on in addition...

Yeah, like a couple of bytes changed to avoid detection for another
day.

>[snip]
>>> yup, very true... nothing is perfect, but if the people making it are
>>> doing their job properly then it should always be getting better...
>>
>> That should be a big "IF" ... but I know you don't use any caps.
>
>are you trying to tell me that i'm more optimistic than you are? i
>didn't think i was more optimistic than anybody...

With regard to AV "development"? Perhaps so. How much better is your
average AV today compared to last year? Still reactive , prone to
false positives, questionable/confusing default settings, intrusive
warnings and behaviour... etc. I believe some AV still use/require IE
and ActiveX ... insanity!

Desert Rat

unread,
Oct 6, 2006, 12:27:59 PM10/6/06
to
kurt wismer wrote:

[snip]

> well, theoretically *all* Trojan-Clicker.Win32.Delf's should be related
> since they all have the same name and only differ in the variant
> identifier...
>
> whether qt is similar in symptomology or functionality to q or cl is
> anybody's guess without documentation specific to that variant... qt is
> probably quite a bit further along in the revision process than q or cl
> (462 compared to 17 or 90)... they should have the same basic core code
> but who knows what's tacked on in addition...

The above quote, (462 compared to 17 or 90), appears to me that there
is some identification of the .qt variant. Where were you able to find
documentation of this variant?

[snip]

kurt wismer

unread,
Oct 6, 2006, 2:36:09 PM10/6/06
to

oops, i think i've given you the wrong impression... i have no
documentation about that specific variant... those numbers come
*directly* from the variant ids themselves which are basically a kind
of base 26 number (q = 17, cl = 90, qt = 462)...

technically variant ids don't bear any relationship to the order in
which the variants were made, only to the order in which they were
discovered... it's possible that qt was actually the first variant ever
made and it was just never discovered until 461 other variants had been
created and discovered - however from what i've seen in practice it's
generally not quite that screwy... usually malware doesn't stay
undiscovered for very long and malware authors don't create new
versions unless they have a good reason (adding new features, bug
fixes, getting around detection of current versions, etc) so the mixing
of creation order relative to discovery order should fall far short of
complete randomization, especially when the scale gets into the
hundreds or thousands...

Desert Rat

unread,
Oct 6, 2006, 3:22:57 PM10/6/06
to

Thanks for the clarification Kurt. I'm still curious about the fact
that there is a number for qt (462). Does that mean that there is some
actual identification of this qt variant on some AV vendor's site? I
have been unable to find ANY reference to the qt variant on ANY AV
vendor site.

kurt wismer

unread,
Oct 6, 2006, 4:50:14 PM10/6/06
to
Desert Rat wrote:
[snip]

> Thanks for the clarification Kurt. I'm still curious about the fact
> that there is a number for qt (462).

hmmm... it's not so much that there's a number for qt as it is that qt
*is* a number... it's represented a little differently than most people
are accustomed to but just imagine that saying your abc's is equivalent
to counting to 26... a = 1, b = 2, c = 3, etc...

> Does that mean that there is some
> actual identification of this qt variant on some AV vendor's site?

no, it just means i'm able to translate between the alphabetic variant
id and it's numeric equivalent...

> I
> have been unable to find ANY reference to the qt variant on ANY AV
> vendor site.

same here i'm afraid... and frankly, i'd only really expect to find it
on the site for the av vendor whose product reported that name in the
first place (since naming is still pretty inconsistent across
vendors)... if you still had a sample i would have suggested submitting
it to virustotal to find out what a few other products call it so that
you could look up those other names...

kurt wismer

unread,
Oct 6, 2006, 5:02:05 PM10/6/06
to
Clay wrote:
> On Thu, 05 Oct 2006 22:56:51 -0400, kurt wismer <ku...@sympatico.ca>
> >Clay wrote:
> >> On 5 Oct 2006 12:39:08 -0700, "kurt wismer" <ku...@sympatico.ca>
[snip]
> >>> yup, very true... nothing is perfect, but if the people making it are
> >>> doing their job properly then it should always be getting better...
> >>
> >> That should be a big "IF" ... but I know you don't use any caps.
> >
> >are you trying to tell me that i'm more optimistic than you are? i
> >didn't think i was more optimistic than anybody...
>
> With regard to AV "development"? Perhaps so. How much better is your
> average AV today compared to last year? Still reactive ,

always going to be reactive... that's kind of a misguided criticism...
if it's virus specific then it's going to be reactive, if it's generic
then it isn't strictly anti-*virus*...

> prone to
> false positives,

so is everything, even people...

> questionable/confusing default settings,

true enough... i think that's why some people call them duhfaults...

> intrusive
> warnings and behaviour... etc.

security requires intelligent decision making in contextually sensitive
situations - that means that some intrusive warnings and behaviour are
required...

> I believe some AV still use/require IE
> and ActiveX ... insanity!

ack, i'd forgotten about that one... thanks for reminding me... now i'm
not so optimistic anymore...

Desert Rat

unread,
Oct 6, 2006, 5:40:20 PM10/6/06
to
kurt wismer wrote:

[snip]

> hmmm... it's not so much that there's a number for qt as it is that qt
> *is* a number... it's represented a little differently than most people
> are accustomed to but just imagine that saying your abc's is equivalent
> to counting to 26... a = 1, b = 2, c = 3, etc...

OK, that is a lot clearer to me now.

[snip]

> same here i'm afraid... and frankly, i'd only really expect to find it
> on the site for the av vendor whose product reported that name in the
> first place (since naming is still pretty inconsistent across
> vendors)... if you still had a sample i would have suggested submitting
> it to virustotal to find out what a few other products call it so that
> you could look up those other names...

Well, now I'm very sorry that I deleted the suspect files. I've been
fairly diligent in my computing experience, keeping all my various AV
software as up to date as possible; regularly checking groups such as
this and other web resources for alerts and information and being
(probably overly!) paranoid about attachments, ActiveX, scripts, etc.
As a consequence I've never had a situation where malware has infected
my system. In the future, if another occurrance of this type of alert
happens, I will avoid my natural inclination to immediately cleanse it
and instead submit it for analysis. Thanks again for your time and
expertise.

Clay

unread,
Oct 6, 2006, 6:54:47 PM10/6/06
to
On 6 Oct 2006 14:02:05 -0700, "kurt wismer" <ku...@sympatico.ca>
wrote:

>Clay wrote:


>> On Thu, 05 Oct 2006 22:56:51 -0400, kurt wismer <ku...@sympatico.ca>
>> >Clay wrote:
>> >> On 5 Oct 2006 12:39:08 -0700, "kurt wismer" <ku...@sympatico.ca>
>[snip]
>> >>> yup, very true... nothing is perfect, but if the people making it are
>> >>> doing their job properly then it should always be getting better...
>> >>
>> >> That should be a big "IF" ... but I know you don't use any caps.
>> >
>> >are you trying to tell me that i'm more optimistic than you are? i
>> >didn't think i was more optimistic than anybody...
>>
>> With regard to AV "development"? Perhaps so. How much better is your
>> average AV today compared to last year? Still reactive ,
>
>always going to be reactive... that's kind of a misguided criticism...

Aaahhh Kurt... I'm just thinking that many people pay good money to
the AV industry for what is marketed to be "protection" against
viruses and other threats. I don't perceive any advancement in the
effectiveness of the reactive approach towards protection against
viruses. Perhaps I'm just criticizing an inherent and unavoidable
weakness in the current products.

>if it's virus specific then it's going to be reactive, if it's generic
>then it isn't strictly anti-*virus*...
>
>> prone to
>> false positives,
>
>so is everything, even people...

But in the case of AV software, a false positive can potentially have
disastrous results, particularly if the software is configured (by
default or user preference) to do any deleting... again, I've not
perceived any advancement in general towards eliminating false
positives and the confusion/downtime that often results. Perhaps I'm
just criticizing an inherent and unavoidable weakness in the current
products.

>> questionable/confusing default settings,
>
>true enough... i think that's why some people call them duhfaults...

Redundantly speaking, perhaps I'm just criticizing an inherent and
unavoidable weakness in the current products.

>> intrusive
>> warnings and behaviour... etc.
>
>security requires intelligent decision making in contextually sensitive
>situations - that means that some intrusive warnings and behaviour are
>required...

Maybe they should try to make more sense and provide more palatable
info and less whistles, bells and advertising for product upgrades
and/or enhancements. Perhaps I'm just criticizing an inherent and
unavoidable weakness in the current products.

>> I believe some AV still use/require IE
>> and ActiveX ... insanity!
>
>ack, i'd forgotten about that one... thanks for reminding me... now i'm
>not so optimistic anymore...

Heheh... Perhaps I'm just drinking too much, having some fun and
really have no idea wtf I'm on about.

Cheers

kurt wismer

unread,
Oct 6, 2006, 8:50:41 PM10/6/06
to
Clay wrote:
> On 6 Oct 2006 14:02:05 -0700, "kurt wismer" <ku...@sympatico.ca>
>> Clay wrote:
>>> On Thu, 05 Oct 2006 22:56:51 -0400, kurt wismer <ku...@sympatico.ca>
>>>> Clay wrote:
>>>>> On 5 Oct 2006 12:39:08 -0700, "kurt wismer" <ku...@sympatico.ca>
>> [snip]
>>>>>> yup, very true... nothing is perfect, but if the people making it are
>>>>>> doing their job properly then it should always be getting better...
>>>>> That should be a big "IF" ... but I know you don't use any caps.
>>>> are you trying to tell me that i'm more optimistic than you are? i
>>>> didn't think i was more optimistic than anybody...
>>> With regard to AV "development"? Perhaps so. How much better is your
>>> average AV today compared to last year? Still reactive ,
>> always going to be reactive... that's kind of a misguided criticism...
>
> Aaahhh Kurt... I'm just thinking that many people pay good money to
> the AV industry for what is marketed to be "protection" against
> viruses and other threats. I don't perceive any advancement in the
> effectiveness of the reactive approach towards protection against
> viruses. Perhaps I'm just criticizing an inherent and unavoidable
> weakness in the current products.

you're criticizing a single layer for not being multiple layers... if
you want the protection multiple layers provide then you need to use
multiple layers...

and if there's any specific instances of marketing false hope you think
needs to be addressed, then just let me know and i will be more than
happy to roast the people responsible on my blog...

>> if it's virus specific then it's going to be reactive, if it's generic
>> then it isn't strictly anti-*virus*...
>>
>>> prone to
>>> false positives,
>> so is everything, even people...
>
> But in the case of AV software, a false positive can potentially have
> disastrous results, particularly if the software is configured (by
> default or user preference) to do any deleting... again, I've not
> perceived any advancement in general towards eliminating false
> positives and the confusion/downtime that often results. Perhaps I'm
> just criticizing an inherent and unavoidable weakness in the current
> products.

at some level false positives are unavoidable... and if it were easy to
clear up the confusion over false positives by means of some software
trickery it would also be possible to clear up the false positive itself...

the best two options a user has for clearing up confusion over potential
false positives are second opinions from other products or second
opinions from human analysts...

>>> intrusive
>>> warnings and behaviour... etc.
>> security requires intelligent decision making in contextually sensitive
>> situations - that means that some intrusive warnings and behaviour are
>> required...
>
> Maybe they should try to make more sense and provide more palatable
> info and less whistles, bells and advertising for product upgrades
> and/or enhancements. Perhaps I'm just criticizing an inherent and
> unavoidable weakness in the current products.

??? actually, i think now your train of thought has jumped the track...
intrusiveness isn't really related to understandability...

of course understandability does need to improve, but it has also made
improvements... maybe not so much that you'd notice from one year to the
next, but i remember a time when everything got reported as a virus - at
least now they throw in words like trojan and exploit too (even if
"virus" remains in the same report)...

Dustin Cook

unread,
Oct 7, 2006, 12:15:08 AM10/7/06
to
"Desert Rat" <deser...@gmail.com> wrote in news:1160059646.985968.98510
@b28g2000cwb.googlegroups.com:

I'm aware of some variants of the trojan.clicker family. Your welcome to
try scanning your machine with BugHunter (http://bughunter.it-mate.co.uk).
You might also want to try:

Superantispyware (http://www.superantispyware.com)
Adaware (www.lavasoft.com)
or SpyBotSd


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool
web: http://bughunter.it-mate.co.uk
email: bughunte...@gmail.com.removethis
Last updated: October 6th, 2006

Kadaitcha Man

unread,
Oct 7, 2006, 1:08:30 AM10/7/06
to
Dustin Cook <spamfilterine...@nowhere.com>, the gossipy
latener, croaked:

> "Desert Rat" <deser...@gmail.com> wrote in
> news:1160059646.985968.98510 @b28g2000cwb.googlegroups.com:
>
>> Using FSecure with up to date defs. Today it flagged a downloaded
>> program (WordWeb) as infected with Trojan-Clicker.Win32.Delf.qt.
>> FSecure was unable to delete it but I was able to using Win Explorer.
>> FSecure now shows a .exe file in one of the System Restore files as
>> having the same infection. I have looked extensively at all the AV
>> vendor's sites for any info on this variation but nothing is listed.
>> The closest I've found is a Trojan-Clicker.Win32.Delf.cl listed on
>> Kasperky's site. I can remove it I'm sure by turning of System
>> Restore and then rebooting but I'm reluctant to do this if it's just
>> a false positive. Anybody have any info on this?
>>
>
> I'm aware of some variants of the trojan.clicker family. Your welcome

> to try scanning your machine with BugHunter<BITCHSLAP>

BWAHAHAHAHAHAHAHAHAH! You fuckwitted cunt. For someone who claims to have
written the shitware you sure are more than fucking vague on whether or not
boghumper can deal with it, eh.

--
alt.usenet.kooks - Pierre Salinger Memorial Hook, Line & Sinker:
September 2005 and April 2006

"K-Man's particular genius, however, lies not merely in his humour,
but his ability to make posters who had previously seemed reasonably
well-balanced turn into foaming, frothing, death threat-uttering
maniacs" - Snarky, Demon Lord of Confusion

Thou winter-cricket thou. A slave whose gall coins slanders like a mint.

Clay

unread,
Oct 7, 2006, 9:42:03 AM10/7/06
to
On Fri, 06 Oct 2006 20:50:41 -0400, kurt wismer <ku...@sympatico.ca>
wrote:

>Clay wrote:


>> On 6 Oct 2006 14:02:05 -0700, "kurt wismer" <ku...@sympatico.ca>
>>> Clay wrote:
>>>> On Thu, 05 Oct 2006 22:56:51 -0400, kurt wismer <ku...@sympatico.ca>
>>>>> Clay wrote:
>>>>>> On 5 Oct 2006 12:39:08 -0700, "kurt wismer" <ku...@sympatico.ca>
>>> [snip]
>>>>>>> yup, very true... nothing is perfect, but if the people making it are
>>>>>>> doing their job properly then it should always be getting better...
>>>>>> That should be a big "IF" ... but I know you don't use any caps.
>>>>> are you trying to tell me that i'm more optimistic than you are? i
>>>>> didn't think i was more optimistic than anybody...
>>>> With regard to AV "development"? Perhaps so. How much better is your
>>>> average AV today compared to last year? Still reactive ,
>>> always going to be reactive... that's kind of a misguided criticism...
>>
>> Aaahhh Kurt... I'm just thinking that many people pay good money to
>> the AV industry for what is marketed to be "protection" against
>> viruses and other threats. I don't perceive any advancement in the
>> effectiveness of the reactive approach towards protection against
>> viruses. Perhaps I'm just criticizing an inherent and unavoidable
>> weakness in the current products.
>
>you're criticizing a single layer for not being multiple layers... if
>you want the protection multiple layers provide then you need to use
>multiple layers...

I thought I was criticizing AV product(s) for not doing what they
claim - and not just because the reactive approach's effectiveness is
less than satisfactory. I'm particularly annoyed with those products
designed (claiming) to be "all-in-one security solutions". You know,
the trend to cover all the bases with a "security suite" (multiple
layers).

Like... http://www.mcafee.com/us/smb/index.html
"McAfee Total Protection for Small Business"
"Our solution blocks viruses, spyware, spam, phishing and hacker
attacks and identity thieves from..."

Total protection seems to be more than implied, no?
Which is funny to me because under "System Requirements":
Microsoft Internet Explorer 5.5 with SP2 or later

>and if there's any specific instances of marketing false hope you think
>needs to be addressed, then just let me know and i will be more than
>happy to roast the people responsible on my blog...
>
>>> if it's virus specific then it's going to be reactive, if it's generic
>>> then it isn't strictly anti-*virus*...
>>>
>>>> prone to
>>>> false positives,
>>> so is everything, even people...
>>
>> But in the case of AV software, a false positive can potentially have
>> disastrous results, particularly if the software is configured (by
>> default or user preference) to do any deleting... again, I've not
>> perceived any advancement in general towards eliminating false
>> positives and the confusion/downtime that often results. Perhaps I'm
>> just criticizing an inherent and unavoidable weakness in the current
>> products.
>
>at some level false positives are unavoidable... and if it were easy to
>clear up the confusion over false positives by means of some software
>trickery it would also be possible to clear up the false positive itself...

Some user education might help. If users could better understand the
limitations of the products (instead of believing the hype that
they're totally protected by using the product), they might learn how
to deal with alerts to possible malware code more effectively.

>the best two options a user has for clearing up confusion over potential
>false positives are second opinions from other products or second
>opinions from human analysts...

Including contact to/from the vendor when an alert may be
questionable. Alerts could offer useful suggestions for second
opinions or brief instructions how to submit samples to VT... I don't
know Kurt, I'm no AV software developer but it seems to me they could
make some basic improvments to current products before/instead of
adding features and Window dressing. (guess I'm jumping the track
again.)

>>>> intrusive
>>>> warnings and behaviour... etc.
>>> security requires intelligent decision making in contextually sensitive
>>> situations - that means that some intrusive warnings and behaviour are
>>> required...
>>
>> Maybe they should try to make more sense and provide more palatable
>> info and less whistles, bells and advertising for product upgrades
>> and/or enhancements. Perhaps I'm just criticizing an inherent and
>> unavoidable weakness in the current products.
>
>??? actually, i think now your train of thought has jumped the track...
>intrusiveness isn't really related to understandability...

My thoughts often jump the track (especially since turning 40 some
time ago...). But (for example) I was thinking of those all in one
product suites that report blocking some external traffic noise as if
it were an attack on the users' system. Misleading and/or generic
alerts that that attempt to make the user feel as though the product
is protecting them is just unnecessary hype and confusion.

>of course understandability does need to improve, but it has also made
>improvements... maybe not so much that you'd notice from one year to the
>next, but i remember a time when everything got reported as a virus - at
>least now they throw in words like trojan and exploit too (even if
>"virus" remains in the same report)...

Okay, that's true but IMO it's no great feat in the grand scheme of AV
software advancements.

Damian

unread,
Oct 7, 2006, 10:41:45 AM10/7/06
to
Kadaitcha Man wrote:
> Dustin Cook <spamfilterine...@nowhere.com>, the gossipy
> latener, croaked:
>
>> "Desert Rat" <deser...@gmail.com> wrote in
>> news:1160059646.985968.98510 @b28g2000cwb.googlegroups.com:
>>
>>> Using FSecure with up to date defs. Today it flagged a downloaded
>>> program (WordWeb) as infected with Trojan-Clicker.Win32.Delf.qt.
>>> FSecure was unable to delete it but I was able to using Win
>>> Explorer. FSecure now shows a .exe file in one of the System
>>> Restore files as having the same infection. I have looked
>>> extensively at all the AV vendor's sites for any info on this
>>> variation but nothing is listed. The closest I've found is a
>>> Trojan-Clicker.Win32.Delf.cl listed on Kasperky's site. I can
>>> remove it I'm sure by turning of System Restore and then rebooting
>>> but I'm reluctant to do this if it's just a false positive. Anybody
>>> have any info on this?
>>>
>>
>> I'm aware of some variants of the trojan.clicker family. Your welcome
>> to try scanning your machine with BugHunter<BITCHSLAP>
>
> BWAHAHAHAHAHAHAHAHAH! You fuckwitted cunt. For someone who claims to
> have written the shitware you sure are more than fucking vague on
> whether or not boghumper can deal with it, eh.

Had he read the thread instead of seizing an opportunity to spam the group,
he would see that he's a day late and a dollar short.


Dustbin Ko0k

unread,
Oct 7, 2006, 10:35:43 AM10/7/06
to

For fuck's sake, write your own fucking AV and shut the fuck up.

--
Posted via a free Usenet account from http://www.teranews.com

kurt wismer

unread,
Oct 7, 2006, 5:36:23 PM10/7/06
to
Clay wrote:
> On Fri, 06 Oct 2006 20:50:41 -0400, kurt wismer <ku...@sympatico.ca>
>> Clay wrote:
[snip]

>>> Aaahhh Kurt... I'm just thinking that many people pay good money to
>>> the AV industry for what is marketed to be "protection" against
>>> viruses and other threats. I don't perceive any advancement in the
>>> effectiveness of the reactive approach towards protection against
>>> viruses. Perhaps I'm just criticizing an inherent and unavoidable
>>> weakness in the current products.
>> you're criticizing a single layer for not being multiple layers... if
>> you want the protection multiple layers provide then you need to use
>> multiple layers...
>
> I thought I was criticizing AV product(s) for not doing what they
> claim - and not just because the reactive approach's effectiveness is
> less than satisfactory. I'm particularly annoyed with those products
> designed (claiming) to be "all-in-one security solutions". You know,
> the trend to cover all the bases with a "security suite" (multiple
> layers).

i don't like waving my hands in the air and saying "they're doing bad
things" if i can help it... there should be specific examples that one
can point to in a name and shame campaign...

additionally, i really don't go out of my way to find examples of what
people are doing wrong, i'm more interested in looking for what people
are doing right and figuring out how that can be used to strengthen
multi-layered approaches...

> Like... http://www.mcafee.com/us/smb/index.html
> "McAfee Total Protection for Small Business"
> "Our solution blocks viruses, spyware, spam, phishing and hacker
> attacks and identity thieves from..."
>
> Total protection seems to be more than implied, no?
> Which is funny to me because under "System Requirements":
> Microsoft Internet Explorer 5.5 with SP2 or later

and this would have been a really good response to:

>> and if there's any specific instances of marketing false hope you think
>> needs to be addressed, then just let me know and i will be more than
>> happy to roast the people responsible on my blog...

yes, i agree, mcafee "total protection" sounds like snake oil to me...
i'll see if i can put something together on that...

[snip]


>>> But in the case of AV software, a false positive can potentially have
>>> disastrous results, particularly if the software is configured (by
>>> default or user preference) to do any deleting... again, I've not
>>> perceived any advancement in general towards eliminating false
>>> positives and the confusion/downtime that often results. Perhaps I'm
>>> just criticizing an inherent and unavoidable weakness in the current
>>> products.
>> at some level false positives are unavoidable... and if it were easy to
>> clear up the confusion over false positives by means of some software
>> trickery it would also be possible to clear up the false positive itself...
>
> Some user education might help. If users could better understand the
> limitations of the products (instead of believing the hype that
> they're totally protected by using the product), they might learn how
> to deal with alerts to possible malware code more effectively.

i agree that user education can help and i think the av industry is in
the best position to offer that help... however, back when i was still
pretty new to alt.comp.virus ('96 or '97 maybe?) i got into a rather
acrimonious exchange with a well respected av personality (who
coincidentally is well known for his acrimonious exchanges) about this
very issue and it was a real eye opener... not so much the arguments he
made but that i got precisely nowhere...

i learned you cannot count on other people to do what you think is the
right thing for them to do - if there's an improvement you think needs
to be made then you have to take personal responsibility for making that
improvement... from that point on i was all 'lead by example' and while
i won't try to take credit for any improvements that i've seen, i did
become satisfied enough at one point that i actually left acv for a while...

of course, memory fades and that lesson was no exception - hence my
complaints about the effects of certain noise-makers on the quality of
the signal in this group... i don't think i'll be making that complaint
again any time soon, i've remembered my lesson now and i know that the
only real way to combat noise is with more/better signal...

>> the best two options a user has for clearing up confusion over potential
>> false positives are second opinions from other products or second
>> opinions from human analysts...
>
> Including contact to/from the vendor when an alert may be
> questionable. Alerts could offer useful suggestions for second
> opinions or brief instructions how to submit samples to VT... I don't
> know Kurt, I'm no AV software developer but it seems to me they could
> make some basic improvments to current products before/instead of
> adding features and Window dressing. (guess I'm jumping the track
> again.)

y'know what, they *could* do those things, and if you or i were running
those companies maybe they even would do those things... but we aren't,
business men are and business men are concerned about their business,
about their share holders, about their profits... av companies are not
charities, they put their priorities on making profits and the things
you're talking about are not big profit makers so i'm not at all
surprised that they don't take priority over those things that are
profit makers...

we can make pie in the sky wishes or we can try to find a different
solution... the nature of the business is not going to change to suit
our ideals...

>>>>> intrusive
>>>>> warnings and behaviour... etc.
>>>> security requires intelligent decision making in contextually sensitive
>>>> situations - that means that some intrusive warnings and behaviour are
>>>> required...
>>> Maybe they should try to make more sense and provide more palatable
>>> info and less whistles, bells and advertising for product upgrades
>>> and/or enhancements. Perhaps I'm just criticizing an inherent and
>>> unavoidable weakness in the current products.
>> ??? actually, i think now your train of thought has jumped the track...
>> intrusiveness isn't really related to understandability...
>
> My thoughts often jump the track (especially since turning 40 some
> time ago...). But (for example) I was thinking of those all in one
> product suites that report blocking some external traffic noise as if
> it were an attack on the users' system. Misleading and/or generic
> alerts that that attempt to make the user feel as though the product
> is protecting them is just unnecessary hype and confusion.

hmmm... i'm getting a sense here that protection is like being secure
(in fact, it seems obvious now that that i've written that that the two
are tightly intertwined) in that people expect it to be a boolean
quantity when the reality is that it's a gradient...

how much of the complaint, then, comes from the fact that people are
starting off with a wrong expectation? and how long are we going to
criticize businesses for not elevating their users to a higher plane of
security awareness?

>> of course understandability does need to improve, but it has also made
>> improvements... maybe not so much that you'd notice from one year to the
>> next, but i remember a time when everything got reported as a virus - at
>> least now they throw in words like trojan and exploit too (even if
>> "virus" remains in the same report)...
>
> Okay, that's true but IMO it's no great feat in the grand scheme of AV
> software advancements.

i dunno, the fact that it happened at all when there's no financial
incentive for it seems like a minor miracle to me...

Clay

unread,
Oct 9, 2006, 12:46:12 PM10/9/06
to
On Sat, 07 Oct 2006 17:36:23 -0400, kurt wismer <ku...@sympatico.ca>
wrote:

>Clay wrote:


>> On Fri, 06 Oct 2006 20:50:41 -0400, kurt wismer <ku...@sympatico.ca>
>>> Clay wrote:
>[snip]
>>>> Aaahhh Kurt... I'm just thinking that many people pay good money to
>>>> the AV industry for what is marketed to be "protection" against
>>>> viruses and other threats. I don't perceive any advancement in the
>>>> effectiveness of the reactive approach towards protection against
>>>> viruses. Perhaps I'm just criticizing an inherent and unavoidable
>>>> weakness in the current products.
>>> you're criticizing a single layer for not being multiple layers... if
>>> you want the protection multiple layers provide then you need to use
>>> multiple layers...
>>
>> I thought I was criticizing AV product(s) for not doing what they
>> claim - and not just because the reactive approach's effectiveness is
>> less than satisfactory. I'm particularly annoyed with those products
>> designed (claiming) to be "all-in-one security solutions". You know,
>> the trend to cover all the bases with a "security suite" (multiple
>> layers).
>
>i don't like waving my hands in the air and saying "they're doing bad
>things" if i can help it... there should be specific examples that one
>can point to in a name and shame campaign...

I'm not waving my hands about anything. I thought we were
chit-chatting about the obvious shortcomings of AV software.

>additionally, i really don't go out of my way to find examples of what
>people are doing wrong, i'm more interested in looking for what people
>are doing right and figuring out how that can be used to strengthen
>multi-layered approaches...

It took me all of 30 seconds (barely going out of my way) to find the
example (from the first vendor that popped into my head) below.
Additionally, I only bothered to provide an example because it seemed
like you weren't aware that it would be so easy based on your
statement below regarding your blog.

To be fair, here's 2 more:
http://www.bitdefender.com/PRODUCT-52-en--BitDefender-Standard-Client.html

"install and forget"

http://www.pandasoftware.com/products/HomeParticulares.htm?sitepanda=particulares

At the URL above, they have a graphic that reads "Browse the Internet,
download any file you want, play online for hours... *without any
worries*"

Really, I know it's just maketing spew but IMO it's clearly promoting
a "relax, you're completely protected" attitude.

>> Like... http://www.mcafee.com/us/smb/index.html
>> "McAfee Total Protection for Small Business"
>> "Our solution blocks viruses, spyware, spam, phishing and hacker
>> attacks and identity thieves from..."
>>
>> Total protection seems to be more than implied, no?
>> Which is funny to me because under "System Requirements":
>> Microsoft Internet Explorer 5.5 with SP2 or later
>
>and this would have been a really good response to:

(It was, call it misplaced if you like.)

I vaguely remember.

>i learned you cannot count on other people to do what you think is the
>right thing for them to do - if there's an improvement you think needs
>to be made then you have to take personal responsibility for making that
>improvement... from that point on i was all 'lead by example' and while
>i won't try to take credit for any improvements that i've seen, i did
>become satisfied enough at one point that i actually left acv for a while...

I wondered why you left.

>of course, memory fades and that lesson was no exception - hence my
>complaints about the effects of certain noise-makers on the quality of
>the signal in this group... i don't think i'll be making that complaint
>again any time soon, i've remembered my lesson now and i know that the
>only real way to combat noise is with more/better signal...

That's a tough one since many (most?) of the most knowledgable posters
from the "good ole days" of ACV are long gone.

>>> the best two options a user has for clearing up confusion over potential
>>> false positives are second opinions from other products or second
>>> opinions from human analysts...
>>
>> Including contact to/from the vendor when an alert may be
>> questionable. Alerts could offer useful suggestions for second
>> opinions or brief instructions how to submit samples to VT... I don't
>> know Kurt, I'm no AV software developer but it seems to me they could
>> make some basic improvments to current products before/instead of
>> adding features and Window dressing. (guess I'm jumping the track
>> again.)
>
>y'know what, they *could* do those things, and if you or i were running
>those companies maybe they even would do those things... but we aren't,
>business men are and business men are concerned about their business,
>about their share holders, about their profits... av companies are not
>charities, they put their priorities on making profits and the things
>you're talking about are not big profit makers so i'm not at all
>surprised that they don't take priority over those things that are
>profit makers...

(Probably off track but I think this is a customer service issue...)
I am a business person and I understand what you're saying. However,
it's been my experience that good customer service is an essential
component to a long term successful business. I also worked many years
for a company that made customer service their #1 priority. As a
result of that commitment (and other contributing factors of course),
they have always maintained a 25% increase in sales every year for the
past 20 years. All the sales personal would attest to the fact that
exceptional customer service was largely responsible for the
consistency in company growth. There is profit in good customer
service and misleading people will hurt profitability in the long run.
Whatever makes the customers' experience with your product or service
a positive one, ought to be considered an important part of the bottom
line.

>we can make pie in the sky wishes or we can try to find a different
>solution... the nature of the business is not going to change to suit
>our ideals...

Funny, I do use a different solution. It isn't as easy, but sasic safe
hex and common sense really works.

>>>>>> intrusive
>>>>>> warnings and behaviour... etc.
>>>>> security requires intelligent decision making in contextually sensitive
>>>>> situations - that means that some intrusive warnings and behaviour are
>>>>> required...
>>>> Maybe they should try to make more sense and provide more palatable
>>>> info and less whistles, bells and advertising for product upgrades
>>>> and/or enhancements. Perhaps I'm just criticizing an inherent and
>>>> unavoidable weakness in the current products.
>>> ??? actually, i think now your train of thought has jumped the track...
>>> intrusiveness isn't really related to understandability...
>>
>> My thoughts often jump the track (especially since turning 40 some
>> time ago...). But (for example) I was thinking of those all in one
>> product suites that report blocking some external traffic noise as if
>> it were an attack on the users' system. Misleading and/or generic
>> alerts that that attempt to make the user feel as though the product
>> is protecting them is just unnecessary hype and confusion.
>
>hmmm... i'm getting a sense here that protection is like being secure
>(in fact, it seems obvious now that that i've written that that the two
>are tightly intertwined) in that people expect it to be a boolean
>quantity when the reality is that it's a gradient...

People often believe what they're told. Especially by those whom they
expect to be honest.

>how much of the complaint, then, comes from the fact that people are
>starting off with a wrong expectation? and how long are we going to
>criticize businesses for not elevating their users to a higher plane of
>security awareness?

Don't they sometimes start off with the wrong expectations based on
what they were promised at the start? Like.. "install and forget"

>>> of course understandability does need to improve, but it has also made
>>> improvements... maybe not so much that you'd notice from one year to the
>>> next, but i remember a time when everything got reported as a virus - at
>>> least now they throw in words like trojan and exploit too (even if
>>> "virus" remains in the same report)...
>>
>> Okay, that's true but IMO it's no great feat in the grand scheme of AV
>> software advancements.
>
>i dunno, the fact that it happened at all when there's no financial
>incentive for it seems like a minor miracle to me...

Okay, I just disagree. I think there is financial incentive to
increase the accuracy of alerts in a product whose function is to...
alert.

kurt wismer

unread,
Oct 9, 2006, 2:06:25 PM10/9/06
to
Clay wrote:
> On Sat, 07 Oct 2006 17:36:23 -0400, kurt wismer <ku...@sympatico.ca>
>> Clay wrote:
[snip]

>>> I thought I was criticizing AV product(s) for not doing what they
>>> claim - and not just because the reactive approach's effectiveness is
>>> less than satisfactory. I'm particularly annoyed with those products
>>> designed (claiming) to be "all-in-one security solutions". You know,
>>> the trend to cover all the bases with a "security suite" (multiple
>>> layers).
>> i don't like waving my hands in the air and saying "they're doing bad
>> things" if i can help it... there should be specific examples that one
>> can point to in a name and shame campaign...
>
> I'm not waving my hands about anything. I thought we were
> chit-chatting about the obvious shortcomings of AV software.

sorry, i didn't mean to imply you were doing that... i meant that if i
got up on a soap box and started complaining about the bad things av
companies do without specific examples, that would be what i was
doing... i just don't want to be that guy...

>> additionally, i really don't go out of my way to find examples of what
>> people are doing wrong, i'm more interested in looking for what people
>> are doing right and figuring out how that can be used to strengthen
>> multi-layered approaches...
>
> It took me all of 30 seconds (barely going out of my way) to find the
> example (from the first vendor that popped into my head) below.
> Additionally, I only bothered to provide an example because it seemed
> like you weren't aware that it would be so easy based on your
> statement below regarding your blog.

'barely going out of your way' is still going out of your way... i like
to think i have better things to do with my life than monitor av company
ad copy... to put it another way - would *you* have looked for it if not
for this conversation? my guess is no, and that's the same answer for
me... if i stumble on something, if someone brings something like this
to my attention, then i become aware of it and it has my attention, but
otherwise my attention is elsewhere...

> To be fair, here's 2 more:
> http://www.bitdefender.com/PRODUCT-52-en--BitDefender-Standard-Client.html
>
> "install and forget"

definitely a candidate - i've bashed folks for using that phrase before...

> http://www.pandasoftware.com/products/HomeParticulares.htm?sitepanda=particulares
>
> At the URL above, they have a graphic that reads "Browse the Internet,
> download any file you want, play online for hours... *without any
> worries*"

interesting... this bring up a new angle - how prevalent is snake oil
*really*... you're starting to make it look ubiquitous...

> Really, I know it's just maketing spew but IMO it's clearly promoting
> a "relax, you're completely protected" attitude.

i agree...

[snip]


>> i learned you cannot count on other people to do what you think is the
>> right thing for them to do - if there's an improvement you think needs
>> to be made then you have to take personal responsibility for making that
>> improvement... from that point on i was all 'lead by example' and while
>> i won't try to take credit for any improvements that i've seen, i did
>> become satisfied enough at one point that i actually left acv for a while...
>
> I wondered why you left.

well, that's more why i was ok with leaving... why i left was that i had
just finished school and become employed and the time commitment was
more than i was accustomed to... i needed to find a new balance... i
believe it was an email from guillermito that brought me back...

>> of course, memory fades and that lesson was no exception - hence my
>> complaints about the effects of certain noise-makers on the quality of
>> the signal in this group... i don't think i'll be making that complaint
>> again any time soon, i've remembered my lesson now and i know that the
>> only real way to combat noise is with more/better signal...
>
> That's a tough one since many (most?) of the most knowledgable posters
> from the "good ole days" of ACV are long gone.

and *if* they were going to come back, the only way that would happen is
if there was already good signal here... again, it's something one has
to take personal responsibility for... yes they're gone, but there are
still knowledgeable people around who, i think, are just not being
stimulated the way they used to... we don't talk so much about the
higher level concepts anymore, maybe because everything's already been
said or maybe we just assume that it has... the term "multi-layered" for
example, was mentioned once in this discussion, once in september and
then before that you have to back all the way to june 2005 to find it
mentioned, and then before that single mention you have to back to 2004...

and i think that's actually kinda weird, because although the
multi-layered approach is still the best, what kinds of things can and
should go into the multi-layered approach have changed over the past
couple years...

[snip]


>> y'know what, they *could* do those things, and if you or i were running
>> those companies maybe they even would do those things... but we aren't,
>> business men are and business men are concerned about their business,
>> about their share holders, about their profits... av companies are not
>> charities, they put their priorities on making profits and the things
>> you're talking about are not big profit makers so i'm not at all
>> surprised that they don't take priority over those things that are
>> profit makers...
>
> (Probably off track but I think this is a customer service issue...)
> I am a business person and I understand what you're saying. However,
> it's been my experience that good customer service is an essential
> component to a long term successful business. I also worked many years
> for a company that made customer service their #1 priority. As a
> result of that commitment (and other contributing factors of course),
> they have always maintained a 25% increase in sales every year for the
> past 20 years. All the sales personal would attest to the fact that
> exceptional customer service was largely responsible for the
> consistency in company growth. There is profit in good customer
> service and misleading people will hurt profitability in the long run.
> Whatever makes the customers' experience with your product or service
> a positive one, ought to be considered an important part of the bottom
> line.

again, i agree with all of this stuff... in fact, if it empowers people
(and good customer service does) then chances are i'm going to agree
with it... but i also know that different business people make different
business decisions... i don't know how true this is today, but i recall
that several years ago there was a common (enough) feeling among the av
professionals that user education was a waste of time... if you're the
top brass at an av company looking to shave a few dollars off your
bottom line and you hear that from folks who are supposed to know this
stuff better than you (because i don't believe for a second that there
are many big av companies left where the folks at the top actually know
av) then i think don't think it would be at all surprising if you were
to make similar decisions about how customer service should be handled...

>> we can make pie in the sky wishes or we can try to find a different
>> solution... the nature of the business is not going to change to suit
>> our ideals...
>
> Funny, I do use a different solution. It isn't as easy, but sasic safe
> hex and common sense really works.

actually, i meant a different solution for society, not for protecting
ones own machine - but you're contributing there too by way of
claymania... by the way, if one is a proponent of claymania, does that
make one a claymaniac?

[snip]


>>> My thoughts often jump the track (especially since turning 40 some
>>> time ago...). But (for example) I was thinking of those all in one
>>> product suites that report blocking some external traffic noise as if
>>> it were an attack on the users' system. Misleading and/or generic
>>> alerts that that attempt to make the user feel as though the product
>>> is protecting them is just unnecessary hype and confusion.
>> hmmm... i'm getting a sense here that protection is like being secure
>> (in fact, it seems obvious now that that i've written that that the two
>> are tightly intertwined) in that people expect it to be a boolean
>> quantity when the reality is that it's a gradient...
>
> People often believe what they're told. Especially by those whom they
> expect to be honest.
>
>> how much of the complaint, then, comes from the fact that people are
>> starting off with a wrong expectation? and how long are we going to
>> criticize businesses for not elevating their users to a higher plane of
>> security awareness?
>
> Don't they sometimes start off with the wrong expectations based on
> what they were promised at the start? Like.. "install and forget"

i think we're at the point now (and have been for some time) where
people can get that impression from the media without being directly
exposed to actual av marketing... i think it's a meme that was started a
long time ago and i know that at least one of the people responsible
lost a great deal of respect because of it...

how do you combat noisy memes? with signal-rich memes... i just wish i
was better at starting memes...

>>>> of course understandability does need to improve, but it has also made
>>>> improvements... maybe not so much that you'd notice from one year to the
>>>> next, but i remember a time when everything got reported as a virus - at
>>>> least now they throw in words like trojan and exploit too (even if
>>>> "virus" remains in the same report)...
>>> Okay, that's true but IMO it's no great feat in the grand scheme of AV
>>> software advancements.
>> i dunno, the fact that it happened at all when there's no financial
>> incentive for it seems like a minor miracle to me...
>
> Okay, I just disagree. I think there is financial incentive to
> increase the accuracy of alerts in a product whose function is to...
> alert.

but it's not an increase in the accuracy of the alert, it's an increase
in the accuracy of the alert classification... i don't think the average
user cares whether they have a virus, worm, trojan, dialer, dropper,
rat, rootkit, whatever... they have a 'bad thing' detector and they
expect it to deal with bad things no matter what they're called... the
only real financial incentive i can think of that would come into play
here is that the more malware classifications the user sees coming out
of their scanner, the less likely they are to feel like they don't get
enough coverage from their current product and search for something
else... but that assumes they'll get a lot of alerts and i'm not sure
that will actually happen...

Clay

unread,
Oct 11, 2006, 2:30:43 PM10/11/06
to
On Mon, 09 Oct 2006 14:06:25 -0400, kurt wismer <ku...@sympatico.ca>
wrote:

>Clay wrote:


>> On Sat, 07 Oct 2006 17:36:23 -0400, kurt wismer <ku...@sympatico.ca>
>>> Clay wrote:
>[snip]

[snippage applied on occasion]

>sorry, i didn't mean to imply you were doing that... i meant that if i
>got up on a soap box and started complaining about the bad things av
>companies do without specific examples, that would be what i was
>doing... i just don't want to be that guy...

Okay.

>>> additionally, i really don't go out of my way to find examples of what
>>> people are doing wrong, i'm more interested in looking for what people
>>> are doing right and figuring out how that can be used to strengthen
>>> multi-layered approaches...
>>
>> It took me all of 30 seconds (barely going out of my way) to find the
>> example (from the first vendor that popped into my head) below.
>> Additionally, I only bothered to provide an example because it seemed
>> like you weren't aware that it would be so easy based on your
>> statement below regarding your blog.
>
>'barely going out of your way' is still going out of your way... i like
>to think i have better things to do with my life than monitor av company
>ad copy... to put it another way - would *you* have looked for it if not
>for this conversation? my guess is no, and that's the same answer for
>me... if i stumble on something, if someone brings something like this
>to my attention, then i become aware of it and it has my attention, but
>otherwise my attention is elsewhere...

Okay, agreed.

>> To be fair, here's 2 more:
>> http://www.bitdefender.com/PRODUCT-52-en--BitDefender-Standard-Client.html
>>
>> "install and forget"
>
>definitely a candidate - i've bashed folks for using that phrase before...
>
>> http://www.pandasoftware.com/products/HomeParticulares.htm?sitepanda=particulares
>>
>> At the URL above, they have a graphic that reads "Browse the Internet,
>> download any file you want, play online for hours... *without any
>> worries*"
>
>interesting... this bring up a new angle - how prevalent is snake oil
>*really*... you're starting to make it look ubiquitous...

It's out there... resellers are worse. Could make for an interesting
article.

Interesting... I hadn't given it much thought.

>and i think that's actually kinda weird, because although the
>multi-layered approach is still the best, what kinds of things can and
>should go into the multi-layered approach have changed over the past
>couple years...

I agree. How about Data encryption, DEP or Biometrics?

Hmmmm... well, I personally don't think user education is a waste of
time exactly... Unfortunately, I think many don't have any desire to
be educated about the products they use. "It should just work."

>>> we can make pie in the sky wishes or we can try to find a different
>>> solution... the nature of the business is not going to change to suit
>>> our ideals...
>>
>> Funny, I do use a different solution. It isn't as easy, but sasic safe
>> hex and common sense really works.
>
>actually, i meant a different solution for society, not for protecting
>ones own machine - but you're contributing there too by way of
>claymania... by the way, if one is a proponent of claymania, does that
>make one a claymaniac?

Haha! I don't think so. I think that term is reserved for fans of a
certain American Idol program contestant.

>[snip]
>>>> My thoughts often jump the track (especially since turning 40 some
>>>> time ago...). But (for example) I was thinking of those all in one
>>>> product suites that report blocking some external traffic noise as if
>>>> it were an attack on the users' system. Misleading and/or generic
>>>> alerts that that attempt to make the user feel as though the product
>>>> is protecting them is just unnecessary hype and confusion.
>>> hmmm... i'm getting a sense here that protection is like being secure
>>> (in fact, it seems obvious now that that i've written that that the two
>>> are tightly intertwined) in that people expect it to be a boolean
>>> quantity when the reality is that it's a gradient...
>>
>> People often believe what they're told. Especially by those whom they
>> expect to be honest.
>>
>>> how much of the complaint, then, comes from the fact that people are
>>> starting off with a wrong expectation? and how long are we going to
>>> criticize businesses for not elevating their users to a higher plane of
>>> security awareness?
>>
>> Don't they sometimes start off with the wrong expectations based on
>> what they were promised at the start? Like.. "install and forget"
>
>i think we're at the point now (and have been for some time) where
>people can get that impression from the media without being directly
>exposed to actual av marketing... i think it's a meme that was started a
>long time ago and i know that at least one of the people responsible
>lost a great deal of respect because of it...

Now that you mention media... it seems to me that the magazine ads for
AV and security suites are the worst offenders.

>how do you combat noisy memes? with signal-rich memes... i just wish i
>was better at starting memes...

Anyone...?

>>>>> of course understandability does need to improve, but it has also made
>>>>> improvements... maybe not so much that you'd notice from one year to the
>>>>> next, but i remember a time when everything got reported as a virus - at
>>>>> least now they throw in words like trojan and exploit too (even if
>>>>> "virus" remains in the same report)...
>>>> Okay, that's true but IMO it's no great feat in the grand scheme of AV
>>>> software advancements.
>>> i dunno, the fact that it happened at all when there's no financial
>>> incentive for it seems like a minor miracle to me...
>>
>> Okay, I just disagree. I think there is financial incentive to
>> increase the accuracy of alerts in a product whose function is to...
>> alert.
>
>but it's not an increase in the accuracy of the alert, it's an increase
>in the accuracy of the alert classification... i don't think the average

I think you're right about the "average" user. However... I think the
average user often gets their cue on what "the best" AV solution is
from more knowledgable users. You know, the ones that want (among
other things) those detailed alerts to be accurate so they can decide
how to proceed. Additionally (with regard to financial incentive), a
knowledgable, educated AV user will often keep close tabs on the
performance of their product of choice along with any others (reported
by other educated users) they deem worthy of consideration. Educated
users can affect the bottom line in the same way as customer support.

>user cares whether they have a virus, worm, trojan, dialer, dropper,
>rat, rootkit, whatever... they have a 'bad thing' detector and they
>expect it to deal with bad things no matter what they're called... the
>only real financial incentive i can think of that would come into play
>here is that the more malware classifications the user sees coming out
>of their scanner, the less likely they are to feel like they don't get
>enough coverage from their current product and search for something
>else... but that assumes they'll get a lot of alerts and i'm not sure
>that will actually happen...

Yeah, especially when they shut off the alert mechanism because it's
too intrusive. Don't get me wrong, what we have is often better than
nothing, particularly for the average user... whatever average is ("It
should just work." ?).

kurt wismer

unread,
Oct 11, 2006, 7:47:09 PM10/11/06
to
Clay wrote:
> On Mon, 09 Oct 2006 14:06:25 -0400, kurt wismer <ku...@sympatico.ca>
>> Clay wrote:
>>> On Sat, 07 Oct 2006 17:36:23 -0400, kurt wismer <ku...@sympatico.ca>
>>>> Clay wrote:
[snip]
>> interesting... this bring up a new angle - how prevalent is snake oil
>> *really*... you're starting to make it look ubiquitous...
>
> It's out there... resellers are worse. Could make for an interesting
> article.

well, i don't know if interesting is the word i'd use... depressing,
maybe... i was certainly depressed (and tired, gotta find a better time
of day to do blogging than midnight to 2am)... we're swimming in a sea
of snake oil, it's pretty awful...

http://anti-virus-rants.blogspot.com/2006/10/complete-total-full-protection-is-snake.html

[snip]


>> and i think that's actually kinda weird, because although the
>> multi-layered approach is still the best, what kinds of things can and
>> should go into the multi-layered approach have changed over the past
>> couple years...
>
> I agree. How about Data encryption, DEP or Biometrics?

for malware protection? data encryption is being used more as a payload
these days...

i can see digital signatures being used, maybe - that's not exactly a
new idea... basically a whitelist where list membership is determined by
the validity of the signature...

DEP (data execution prevention) i believe is already being used to
thwart certain types of exploits (when and where DEP is available)...

i'm not sure i can see any way that biometrics can be used though (and i
worked in biometrics for a while)... did you have anything specific in
mind?

the desire to be educated would come into play iff we were approaching
education in an institutional way... that's not necessarily the only way
to teach people things, however... mass media has been used effectively
to educate and raise awareness about other things, it can probably be
used here too...

for example, imagine a commercial where a parent is bundling their kid
up so the kid can go outside in inclement weather and then when done the
parent sits down at the computer and starts clicking away while a
narrator says "you wouldn't go out into the world without layers for
protection, why would you go on the net that way?"...

[snip]


>> claymania... by the way, if one is a proponent of claymania, does that
>> make one a claymaniac?
>
> Haha! I don't think so. I think that term is reserved for fans of a
> certain American Idol program contestant.

oh... hmmm... i wouldn't know anything about that...

[snip]


>>>> how much of the complaint, then, comes from the fact that people are
>>>> starting off with a wrong expectation? and how long are we going to
>>>> criticize businesses for not elevating their users to a higher plane of
>>>> security awareness?
>>> Don't they sometimes start off with the wrong expectations based on
>>> what they were promised at the start? Like.. "install and forget"
>> i think we're at the point now (and have been for some time) where
>> people can get that impression from the media without being directly
>> exposed to actual av marketing... i think it's a meme that was started a
>> long time ago and i know that at least one of the people responsible
>> lost a great deal of respect because of it...
>
> Now that you mention media... it seems to me that the magazine ads for
> AV and security suites are the worst offenders.

probably... i think any ad is pretty bad, but the ones in paper
publications may get less scrutiny because they're less persistent...

>> how do you combat noisy memes? with signal-rich memes... i just wish i
>> was better at starting memes...
>
> Anyone...?

oh yes, if anyone's got mad meme skills please chime in...

>>>>>> of course understandability does need to improve, but it has also made
>>>>>> improvements... maybe not so much that you'd notice from one year to the
>>>>>> next, but i remember a time when everything got reported as a virus - at
>>>>>> least now they throw in words like trojan and exploit too (even if
>>>>>> "virus" remains in the same report)...
>>>>> Okay, that's true but IMO it's no great feat in the grand scheme of AV
>>>>> software advancements.
>>>> i dunno, the fact that it happened at all when there's no financial
>>>> incentive for it seems like a minor miracle to me...
>>> Okay, I just disagree. I think there is financial incentive to
>>> increase the accuracy of alerts in a product whose function is to...
>>> alert.
>> but it's not an increase in the accuracy of the alert, it's an increase
>> in the accuracy of the alert classification... i don't think the average
>
> I think you're right about the "average" user. However... I think the
> average user often gets their cue on what "the best" AV solution is
> from more knowledgable users. You know, the ones that want (among
> other things) those detailed alerts to be accurate so they can decide
> how to proceed. Additionally (with regard to financial incentive), a
> knowledgable, educated AV user will often keep close tabs on the
> performance of their product of choice along with any others (reported
> by other educated users) they deem worthy of consideration. Educated
> users can affect the bottom line in the same way as customer support.

indeed they can affect the bottom line and not necessarily in a good
way, and perhaps thats why few businesses try to create them... then
again, the same basic argument has been made for why governments want to
keep people dumb...

>> user cares whether they have a virus, worm, trojan, dialer, dropper,
>> rat, rootkit, whatever... they have a 'bad thing' detector and they
>> expect it to deal with bad things no matter what they're called... the
>> only real financial incentive i can think of that would come into play
>> here is that the more malware classifications the user sees coming out
>> of their scanner, the less likely they are to feel like they don't get
>> enough coverage from their current product and search for something
>> else... but that assumes they'll get a lot of alerts and i'm not sure
>> that will actually happen...
>
> Yeah, especially when they shut off the alert mechanism because it's
> too intrusive. Don't get me wrong, what we have is often better than
> nothing, particularly for the average user... whatever average is ("It
> should just work." ?).

unfortunately, "it should just work" is a hop, skip, and a jump away
from "install and forget"...

i think if anyone is ever really going to address user education, one
aspect of it is going to have to be figuring out how to 'frame' things
better because the words we naturally choose are loaded in unfortunate
and unhelpful ways... "it should just work" is an example, "protect" and
"secure" are too...

Clay

unread,
Oct 12, 2006, 3:22:06 PM10/12/06
to
On Wed, 11 Oct 2006 19:47:09 -0400, kurt wismer <ku...@sympatico.ca>
wrote:

>Clay wrote:


>> On Mon, 09 Oct 2006 14:06:25 -0400, kurt wismer <ku...@sympatico.ca>
>>> Clay wrote:
>>>> On Sat, 07 Oct 2006 17:36:23 -0400, kurt wismer <ku...@sympatico.ca>
>>>>> Clay wrote:
>[snip]
>>> interesting... this bring up a new angle - how prevalent is snake oil
>>> *really*... you're starting to make it look ubiquitous...
>>
>> It's out there... resellers are worse. Could make for an interesting
>> article.
>
>well, i don't know if interesting is the word i'd use... depressing,
>maybe... i was certainly depressed (and tired, gotta find a better time
>of day to do blogging than midnight to 2am)... we're swimming in a sea
>of snake oil, it's pretty awful...
>
>http://anti-virus-rants.blogspot.com/2006/10/complete-total-full-protection-is-snake.html

Last paragraph, second sentence... did you mean "complete protection"
in place of "protect protection" ?

>[snip]
>>> and i think that's actually kinda weird, because although the
>>> multi-layered approach is still the best, what kinds of things can and
>>> should go into the multi-layered approach have changed over the past
>>> couple years...
>>
>> I agree. How about Data encryption, DEP or Biometrics?
>
>for malware protection? data encryption is being used more as a payload
>these days...

Maybe I'm off track... I was actually thinking more about minimizing
the risk of data loss/damage in general, including personal detail
leakage. I mean, viruses and malware are threats to data (integrity?)
but not the only threats to be concerned about. So I think I look at
it more like a multi-layered approach to minimizing risk of data loss,
etc. It's a big job for sure.

>i can see digital signatures being used, maybe - that's not exactly a
>new idea... basically a whitelist where list membership is determined by
>the validity of the signature...

No, none of these are new ideas. Just things that might be considered
in the attempt to minimize risk.

>DEP (data execution prevention) i believe is already being used to
>thwart certain types of exploits (when and where DEP is available)...

Again, not new. It's in XP. Hardware support is not always available
of course.

>i'm not sure i can see any way that biometrics can be used though (and i
>worked in biometrics for a while)... did you have anything specific in
>mind?

not exactly. I did remember that you worked in biometrics and it is
used more often these days to gain access to "protected" systems.
Minimizing the risk of data loss (literally accessable and exploitable
by unauthorized 3rd parties).

[biggus snippus]

>> Hmmmm... well, I personally don't think user education is a waste of
>> time exactly... Unfortunately, I think many don't have any desire to
>> be educated about the products they use. "It should just work."
>
>the desire to be educated would come into play iff we were approaching
>education in an institutional way... that's not necessarily the only way
>to teach people things, however... mass media has been used effectively
>to educate and raise awareness about other things, it can probably be
>used here too...
>
>for example, imagine a commercial where a parent is bundling their kid
>up so the kid can go outside in inclement weather and then when done the
>parent sits down at the computer and starts clicking away while a
>narrator says "you wouldn't go out into the world without layers for
>protection, why would you go on the net that way?"...

That's exactly how I see it. Using the Net can be dangerous...

Heh, some lyrics from the tune Thela Hun Ginjeet by King Crimson just
popped into my head... "It's a dangerous place".

>[snip]
>>> claymania... by the way, if one is a proponent of claymania, does that
>>> make one a claymaniac?
>>
>> Haha! I don't think so. I think that term is reserved for fans of a
>> certain American Idol program contestant.
>
>oh... hmmm... i wouldn't know anything about that...

Well, I know a little... I still get emails meant for "him" on
occasion.

>[snip]

[couldasnippedsometoobutdidn't]

Motives and motivation... a discussion for another time perhaps.

>>> user cares whether they have a virus, worm, trojan, dialer, dropper,
>>> rat, rootkit, whatever... they have a 'bad thing' detector and they
>>> expect it to deal with bad things no matter what they're called... the
>>> only real financial incentive i can think of that would come into play
>>> here is that the more malware classifications the user sees coming out
>>> of their scanner, the less likely they are to feel like they don't get
>>> enough coverage from their current product and search for something
>>> else... but that assumes they'll get a lot of alerts and i'm not sure
>>> that will actually happen...
>>
>> Yeah, especially when they shut off the alert mechanism because it's
>> too intrusive. Don't get me wrong, what we have is often better than
>> nothing, particularly for the average user... whatever average is ("It
>> should just work." ?).
>
>unfortunately, "it should just work" is a hop, skip, and a jump away
>from "install and forget"...

Yes, I'm not promoting it, I'm simply observing it.

>i think if anyone is ever really going to address user education, one
>aspect of it is going to have to be figuring out how to 'frame' things
>better because the words we naturally choose are loaded in unfortunate
>and unhelpful ways... "it should just work" is an example, "protect" and
>"secure" are too...

Minimizing risk.

(analogy alert!)

Like using turn signals, seat belts, alarms, tracking and
immobilizing devices to minimize automobile user risks.

kurt wismer

unread,
Oct 12, 2006, 11:10:03 PM10/12/06
to
Clay wrote:
> On Wed, 11 Oct 2006 19:47:09 -0400, kurt wismer <ku...@sympatico.ca>
>> Clay wrote:
>>> On Mon, 09 Oct 2006 14:06:25 -0400, kurt wismer <ku...@sympatico.ca>
>>>> Clay wrote:
>>>>> On Sat, 07 Oct 2006 17:36:23 -0400, kurt wismer <ku...@sympatico.ca>
>>>>>> Clay wrote:
>> [snip]
>>>> interesting... this bring up a new angle - how prevalent is snake oil
>>>> *really*... you're starting to make it look ubiquitous...
>>> It's out there... resellers are worse. Could make for an interesting
>>> article.
>> well, i don't know if interesting is the word i'd use... depressing,
>> maybe... i was certainly depressed (and tired, gotta find a better time
>> of day to do blogging than midnight to 2am)... we're swimming in a sea
>> of snake oil, it's pretty awful...
>>
>> http://anti-virus-rants.blogspot.com/2006/10/complete-total-full-protection-is-snake.html
>
> Last paragraph, second sentence... did you mean "complete protection"
> in place of "protect protection" ?

ack! that's what trying to proof-read at 2am gets me... actually it
should have been "protect and protection"... i was talking about the
fact that they imply completeness even though we use them in a context
where completeness is impossible...

>> [snip]
>>>> and i think that's actually kinda weird, because although the
>>>> multi-layered approach is still the best, what kinds of things can and
>>>> should go into the multi-layered approach have changed over the past
>>>> couple years...
>>> I agree. How about Data encryption, DEP or Biometrics?
>> for malware protection? data encryption is being used more as a payload
>> these days...
>
> Maybe I'm off track... I was actually thinking more about minimizing
> the risk of data loss/damage in general, including personal detail
> leakage. I mean, viruses and malware are threats to data (integrity?)
> but not the only threats to be concerned about. So I think I look at
> it more like a multi-layered approach to minimizing risk of data loss,
> etc. It's a big job for sure.

if i'm reading this right there are 2 things you're talking about here -
data leakage and data corruption...

encryption won't foil data corruption as the malware can simply corrupt
the encrypted data (it will no longer decrypt properly at that point)...
it also won't foil data leakage because the data can simply be stolen
when it gets used (in order to use the data it must be converted to it's
decrypted form, at least in memory)...

[snip]


>> i'm not sure i can see any way that biometrics can be used though (and i
>> worked in biometrics for a while)... did you have anything specific in
>> mind?
>
> not exactly. I did remember that you worked in biometrics and it is
> used more often these days to gain access to "protected" systems.
> Minimizing the risk of data loss (literally accessable and exploitable
> by unauthorized 3rd parties).

so fundamentally an access control application of the technology... i
dunno - generally biometrics would be used as a 2nd factor in 2 factor
authentication, which is something a user would generally only do once
per session... after that any malware they happen to run would have
access to everything the user has access to...

the attack model biometrics addresses is where some other agent tries to
gain access as you through normal authentication channels - it doesn't
address possibility of that other agent gaining access through you,
using you as a proxy for authentication...

[snip]


>> i think if anyone is ever really going to address user education, one
>> aspect of it is going to have to be figuring out how to 'frame' things
>> better because the words we naturally choose are loaded in unfortunate
>> and unhelpful ways... "it should just work" is an example, "protect" and
>> "secure" are too...
>
> Minimizing risk.
>
> (analogy alert!)
>
> Like using turn signals, seat belts, alarms, tracking and
> immobilizing devices to minimize automobile user risks.

layers of protective mechanisms, no single one of them completely
effective alone but in concert they get a lot closer...

Dustin Cook

unread,
Oct 14, 2006, 3:07:46 PM10/14/06
to
Clay <one.ste...@intentionally.invalid> wrote in
news:g2eqi21pg8smm84t2...@4ax.com:

> On Mon, 09 Oct 2006 14:06:25 -0400, kurt wismer <ku...@sympatico.ca>
> wrote:
>
>>Clay wrote:
>>> On Sat, 07 Oct 2006 17:36:23 -0400, kurt wismer <ku...@sympatico.ca>
>>>> Clay wrote:
>>[snip]
>
> [snippage applied on occasion]
>

>>and *if* they were going to come back, the only way that would happen
>>is if there was already good signal here... again, it's something one
>>has to take personal responsibility for... yes they're gone, but there
>>are still knowledgeable people around who, i think, are just not being
>>stimulated the way they used to... we don't talk so much about the
>>higher level concepts anymore, maybe because everything's already been
>>said or maybe we just assume that it has... the term "multi-layered"
>>for example, was mentioned once in this discussion, once in september
>>and then before that you have to back all the way to june 2005 to find
>>it mentioned, and then before that single mention you have to back to
>>2004...
>
> Interesting... I hadn't given it much thought.

Indeed... I hadn't either.



>>again, i agree with all of this stuff... in fact, if it empowers
>>people (and good customer service does) then chances are i'm going to
>>agree with it... but i also know that different business people make
>>different business decisions... i don't know how true this is today,
>>but i recall that several years ago there was a common (enough)
>>feeling among the av professionals that user education was a waste of
>>time... if you're the top brass at an av company looking to shave a
>>few dollars off your bottom line and you hear that from folks who are
>>supposed to know this stuff better than you (because i don't believe
>>for a second that there are many big av companies left where the folks
>>at the top actually know av) then i think don't think it would be at
>>all surprising if you were to make similar decisions about how
>>customer service should be handled...
>
> Hmmmm... well, I personally don't think user education is a waste of
> time exactly... Unfortunately, I think many don't have any desire to
> be educated about the products they use. "It should just work."

I have to agree with your assessment, Clay. Many customers I deal with do
not want to have to learn anything about the software, or even the
computer itself if they can help it. For example, we had a customer who
had his machined cleaned from spyware 10 months ago. Three weeks ago, he
brought the machine in for the same problems. We inspected the machine,
and did find small amounts of active adware based software. It was
removed. When he came to pick the machine up, he again (He had been told
what to do to stay clean last time) asked what should be done so that he
doesn't have to bring the machine in. He refuses to run an antivirus,
refuses to make use of a firewall of any kind, and will not use anything
except Internet Explorer.. He seems to download all kinds of things from
the net... You know, free screen savers, online poker, etc... so I expect
I'll be seeing him again in another 10 months. :(



>>> People often believe what they're told. Especially by those whom
>>> they expect to be honest.
>>>
>>>> how much of the complaint, then, comes from the fact that people
>>>> are starting off with a wrong expectation? and how long are we
>>>> going to criticize businesses for not elevating their users to a
>>>> higher plane of security awareness?
>>>
>>> Don't they sometimes start off with the wrong expectations based on
>>> what they were promised at the start? Like.. "install and forget"
>>
>>i think we're at the point now (and have been for some time) where
>>people can get that impression from the media without being directly
>>exposed to actual av marketing... i think it's a meme that was started
>>a long time ago and i know that at least one of the people responsible
>>lost a great deal of respect because of it...
>
> Now that you mention media... it seems to me that the magazine ads for
> AV and security suites are the worst offenders.

Yep...

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool
web: http://bughunter.it-mate.co.uk
email: bughunte...@gmail.com.removethis

Last updated: October 13th, 2006

Reply all
Reply to author
Forward
0 new messages