Jump to content


Photo

is Paretologic a rogue creator ?


  • Please log in to reply
7 replies to this topic

#1 S&033;Ri

S&033;Ri

    SWI Junkie

  • Developer
  • PipPipPipPip
  • 481 posts

Posted 18 July 2009 - 10:33 AM

From my blog post:
http://siri-urz.blog...ue-creator.html

In reply to what was asked on twitter:

How many security companies do you consider ethical my friend? Is business always ethical?


Business can be ethical. There must be a trust relationship between vendors and customers. Look at the problems I point:

Another problem is the license. When the free scanner detects an infection. It proposes acquiring (buying) a license from the infected system. This is a very bad idea: the malware may stole identity and credit card informations.


Users trust in a product to remove an infection. Some corps. see only profits and don't care about informations stolen while registration process.

You are referring to the "free scan" model. Once again, it is a marketing plan and although some people do not like it at all, it is used by many legit companies.


Not a good answer to me. It is not because many people do stupid things you have to do the same.

Hope you don't consider my blog as a rogue? But then again, you can take it or leave it.


It's clear and said in the blog article: "The limit between rogue, PUP and non-ethic is poor. I won't consider it as rogue because of the missing rogue symptoms, but ParetoLogic is certainly not ethical."

ParetoLogic have a serious business plan problem with affiliates method.

#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 July 2009 - 11:03 AM

Thanks, S!Ri. Points well taken. Members should definitely avoid that program, and Helpers should regard it as an optional removal if not spyware.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 malwarediaries

malwarediaries

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 18 July 2009 - 12:31 PM

Hey S!ri

This is the kind of debate that never ends.

There are so many companies that do things that will make people talk. Take for example, Symantec bundling with the ASK toolbar. Well, it got a lot of people buzzing... Unless you are a non profit organisation, the point of a business is to make money. It's easy to criticize different practices and judge them. If you don't own a business yourself, then that's fine.
I've always had issues with marketing myself... The line is very thin to cross... However, I'm not a marketing guy, and I wouldn't want to be either.

Take another example. This morning, my parents back in France phone me and say they downloaded AVG free antivirus. Everything worked well except they are confused because it is saying it will expire in 30 days. I find this practice very confusing and I do not like it. But then again, this is the marketing folks that are there to make the company money.
I haven't used AVG but I think it is possible to keep the free version (although to the average user this does not seem possible).

Same goes for ZoneAlarm. Good luck finding the "free" firewall! It's there all right, but boy you have to search hard. Otherwise they advertise their other pay products (Internet Security suite and the like).

So in the end, my conclusion is that as individuals, non profit orgs, we can judge and hate marketing practices. However, if you are in the business, these are things that go on all the time. Even the big guys are advertising or bundling in ways that will make you cringe.

I do not like all this money talk. I do my job as a security researcher because I am passionate about it. I like fighting online criminals and helping people out by providing information to practice safe surfing and other basic security skills.
As you see, I am honest to respond and discuss the issues you brought up. Once again, I do not censor the blog.

Hopefully the arguments you brought about unethical can be addressed. Keep in mind though that something unethical to you may not be for someone else... and there's not much I can do about that.

Also, before accusing people you need to understand a bit of their background. I can tell you that a lot of the information that circulates is just not true. Some people are still stuck with the old XoftSpy back in its infancy that was labelled rogue mainly because of false positives. You can download that program today and it has gone through so many updates. But no, some people don't want to change their beliefs...


Signing off...
Jerome

P.S. I don't have anything against you. I read your blog and you gave me some tips for myself as well ;-)
It's just hard when the company you're working for is accused left right and center. Oh, and the blog, which I am proud of and invest a lot of time in.

#4 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 18 July 2009 - 12:55 PM

Welcome to the forum, malwarediaries. :) #swiforum follows you with interest on Twitter. Stick around - we need more people who "..like fighting online criminals and helping people out by providing information to practice safe surfing and other basic security skills."
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#5 S&033;Ri

S&033;Ri

    SWI Junkie

  • Developer
  • PipPipPipPip
  • 481 posts

Posted 18 July 2009 - 01:41 PM

I don't talk about others corp. The subject here is "ParetoLogic".
Symantec, Avast, AVG, PUP, Bad tools (...) should not been taken in consideration.

As a security researcher you have to admit it:
Giving personal informations (credit card number, identity, email) on the network from an infected system is not secure and is dangerous.

Well, I have my own business and yes, business is money. Now there are different methods to make money. I won't place my customer in a dangerous situation to earn money. This is about ethic. ParetoLogic have made choices: "Ask personal information from an infected computer" and "communicate through affiliates". ParetoLogic have to take its responsibility (the others corps. doing the same will have to one day...)

Also, before accusing people you need to understand a bit of their background. I can tell you that a lot of the information that circulates is just not true. Some people are still stuck with the old XoftSpy back in its infancy that was labelled rogue mainly because of false positives. You can download that program today and it has gone through so many updates. But no, some people don't want to change their beliefs...


Right, this is why I don't talk about the tools themselves and don't classify ParetoLogic as Rogue. I install the tools and test them before making an opinion. This is my point of view. For some others researcher, unethical practice is enough for being flagged as rogue.


It's just hard when the company you're working for is accused left right and center. Oh, and the blog, which I am proud of and invest a lot of time in.


I understand, there is nothing personal.


Edit: Typo errors

Edited by S!Ri, 18 July 2009 - 05:21 PM.


#6 malwarediaries

malwarediaries

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 18 July 2009 - 04:36 PM

As a security researcher you have to admit it:
Giving personal informations (credit card number, identity, email) on the network from an infected system is not secure and is dangerous.


I agree, there is no disputing that.
I've always been in favor of prevention. I belie you should install security products BEFORE getting infected. However, a lot of people only panic when their PC starts acting weird and then they want it fixed.
Also, no matter how good your security software is, there is no 100% guarantee that your machine will indeed be clean. (i.e rootkits and other malware may still be resident).

There are simple things anyone can do:
- backing up your data and your system at regular intervals is one.

If your PC happens to be horribly infected, don't panic, and just restore the clean baseline.

As you know, a lot of people don't really know how to do backups or once again, have an attitude that this can't happen to me.... That's why there are AV solutions and why there are so popular.

Jerome

#7 malwarediaries

malwarediaries

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 18 July 2009 - 04:37 PM

Welcome to the forum, malwarediaries. :) #swiforum follows you with interest on Twitter. Stick around - we need more people who "..like fighting online criminals and helping people out by providing information to practice safe surfing and other basic security skills."


Thanks!

#8 S&033;Ri

S&033;Ri

    SWI Junkie

  • Developer
  • PipPipPipPip
  • 481 posts

Posted 18 July 2009 - 05:30 PM

I've always been in favor of prevention.


Right. Practicing Safe Hex is the best way to avoid getting infected.




Member of UNITE
Support SpywareInfo Forum - click the button