forum.vdsworld.com

LiquidCode · Posted: Thu Apr 05, 2007 5:40 pm Post subject: Commercial Research...Spyware?

One of my clients ran a Spyware scan using Counter Spy V2 from sunbeltsoftware.com and got this on one of my programs.

Scan History Details
Start Date: 4/3/2007 11:41:48 AM
End Date: 4/3/2007 11:45:49 AM
Detected security risks
Canary Surveillance (General) more information...
Details: Canary is Internet monitoring software and computer monitoring software.
Status: Deleted
Registry entries detected
HKEY_USERSS-1-5-21-448539723-1500820517-839522115-1004SOFTWARECOMMERCIAL RESEARCH
HKEY_USERSS-1-5-21-448539723-1500820517-839522115-1004SOFTWARECOMMERCIAL RESEARCHVDS
HKEY_USERSS-1-5-21-448539723-1500820517-839522115-1004SOFTWARECOMMERCIAL RESEARCHVDS5.0
HKEY_USERSS-1-5-21-448539723-1500820517-839522115-1004SOFTWARECOMMERCIAL RESEARCHVDS5.0UserScripts
HKEY_USERSS-1-5-21-448539723-1500820517-839522115-1004SOFTWARECOMMERCIAL RESEARCHVDS5.0UserScriptsDVContacts
HKEY_USERSS-1-5-21-448539723-1500820517-839522115-1004SOFTWARECOMM

Any idea why? This is making some of my clients very concerned.

Thanks

vdsalchemist · Posted: Thu Apr 05, 2007 5:50 pm Post subject:

Could it be because it has the word UserScripts and the word Contacts as part of those registry keys? I don't know anything about Counter Spy? Maybe someone needs to educate the developers at Counter Spy about Visual Dialog Script? This would not be the first time that Anti-Spy and AntiVirus software showed a false positive for something to do with VDS.

LiquidCode · Posted: Thu Apr 05, 2007 6:00 pm Post subject:

I just sent them a message about the issue and about VDS. We'll see what happens.

marty · Professional Member Joined: 10 May 2001 Posts: 789

Serge · Posted: Fri Apr 06, 2007 1:28 am Post subject:

chris,

if your client is using my Canary on their computer, then i can understand the scan result although i would not consider my program spyware as it is installed on computers by parents who want to monitor their children's activities ... nothing is transmitted to me online and the program is NEVER installed on a computer without the consent of the one installing it ie. it is NEVER installed secretly ... it is a consentual monitoring program and certainly not spyware

LiquidCode · Posted: Fri Apr 06, 2007 1:53 am Post subject:

I get the same thing on my computer when I run it and I don't have that installed. It also says that upx.exe (the exe compressor) is also spyware. They got back to me and I am going to help them fix the problem....hopefully.

vdsalchemist · Posted: Fri Apr 06, 2007 1:57 am Post subject:

Yeah most AntiSpy and AntiVirus programs see upx.exe compressed programs as a false positive. Counter Spy just needs to be informed and it seems that LiquidCode has already do this.

jules · Posted: Mon Apr 09, 2007 9:52 am Post subject:

Why is your software using the Commercial Research registry branch to store its settings? This default key is only there so registry settings will work for people who don't bother to set up an application-specific key using OPTION REGKEY. I would never use that for anything intended ffor distribution.

As for the false alarm it would seem that CounterSpy is using some generic characteristic of VDS programs as a way to detect the allegedly spyware Canary. Unfortunately the sophistication of anti-spyware scanners leaves a lot to be desired. I have tested anti-spywares that flagged a program as malicious simply because a component had the same name as something used by a spyware.

GeoTrail · Posted: Sat Apr 14, 2007 3:00 pm Post subject:

Might be the name, Commercial Research Wink

LiquidCode · Posted: Sat Apr 14, 2007 3:32 pm Post subject:

Isn't the default key needed for the check next to a menu item? or does that use what "default" is set in the program?

vdsalchemist · Posted: Sun Apr 15, 2007 11:42 pm Post subject:

LiquidCode · Posted: Sun Apr 15, 2007 11:52 pm Post subject:

Ok, I'll have to start changing that. Thanks