Hello All. When I updated SpyBot S&D this a.m. (12/29/06) and ran the scan, it found 988 entries of something called CyberDefender. Is this the same thing as the CyberDefender Antispyware freeware product????? I installed CyberDefender Antispyware about a month ago and have run it several times. It seems to work OK and does find some supposed spyware that SpyBot and several other programs do NOT find, but I have noticed that after I open and run CyberDefender, I seem to get a rash of email spam, primarily relating to advertising for on line educational and college services.

I went ahead and had SpyBot S&D remove all 988 entries but would like to find out how I can determine if the CyberDefender SpyBot refers to is the same and the CyberDefender Antispyware product and why it has been determined to be spyware?? Any suggestions appreciated.
Lee in the Mountains of Northern California

leebunyard:

I can not answer your question as to whether or not the CyberDefender detections within Spybot-S&D that you are getting are for CyberDefenderFREE - Internet Security Suite.

However, just so that you are aware, CyberDefender was originally listed as a "Rogue/Suspect Anti-Spyware Product" in the following listing:
Spyware Warrior Rogue-Suspect Anti-Spyware Products & Web Sites
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Subsequently, CyberDefender was removed from that list with the following note:


Note on CyberDefender: We originally listed CyberDefender on this page out of concerns that the vendor behind the product was the same company that previously released Spyblocs/eBlocs, an application with a bad history of aggressive, deceptive advertising and illegal force-installs. Although we found no major problems in our initial testing with CyberDefender beyond false positives that were quickly cleaned up, and while the vendor itself halted the sales of Spyblocs and vowed not to repeat the same mistakes with CyberDefender, we decided out of caution to impose a three month probation period before we would consider re-testing and, if warranted, de-listing the the product from the Rogue/Suspect list. During that three month probation period we monitored the behavior of the company. When we encountered a spurt of advertising for the product through adware, we refused to de-list the product and imposed a second three month probation period. At the end of the second three month probation period we re-tested CyberDefender, again finding no problems serious enough to justify listing the program on this page. As we have observed no advertising of the product through adware for many months, and as the program itself exhibits no problems serious enough to warrant listing on this page, we have decided to de-list CyberDefender from the Rogue/Suspect list and can no longer regard the program to be "rogue/suspect."
Note: same company (http://www.spywarewarrior.com/family_resemblances.htm#2) as Spyblocs / eBlocs

[A: 12-27-05 / U: 7-8-06]

Yes CyberDefender is the one named above. It is currently categorized as PUPS (Possibly Unpopular Software).

The past product Spyblocs was considered malware. CyberDefender still uses parts of Spyblocs. Overall the Software does not appear to be harmful, but it is still fishy and the user should decide wether to trust CyberDefender or not.
The website usually claims only that the software is free, there is no link to purchase the software. This information is given when CyberDefender is installed. Also CyberDefender flags cookies from advertising loaded through it.
It also bypasses the Windows firewall without asking, although there is an information that the user should configure the firewall to let CyberDefender pass.
The Eula is badly readable and can be clicked away easily, this appears to be intended by CyberDefender. As a company with a bad history it should put more effort in behaving properly.
Actually CyberDefender violates the ethics stated on its own site.

Yodama:
In your previous post, #61017, you said "Actually CyberDefender violates the ethics stated on its own site." I have briefly looked over their stated policy for their Web site about advertising and was wondering just which part of their stated policy you claim they violate?
Also, although previous posts indicate that CyberDefender has been removed from the detections, I still notice it listed in the PUPS and PUPS C sections of the products list within the program. Is this inclusion due to its behavior?
BTW, I am not trying to defend a questionable program, just get some answers, as they've made a "presentation" (via their marketing folks) to a computer club I know of.

I don't speak for Yodama, who may not be here until after the weekend, but please see:

CyberDefender: Early Deceit
By Steven Burn - April 15th 2007
http://mysteryfcm.co.uk/?mode=Articles&date=17-04-2007

hi,

@Tashi
thanks for the link, it appears CyberDefender got even worse.


@robertdev
CyberDefender has not been removed from detection it was only added to PUPS because of its behavior, please see the link Tashi provided it covers about the same things we encountered during testing. We also were in dialog with CyberDefender about this, but they acutally did not see any need to change it.

If you follow the article linked by Tashi, you can see that CyberDefender violates its Advertising Guidelines, for instance:


The ad creative (pop-under, email, banner, etc.) or the landing page must not:
* Create the association or impression of a Spyware plant in conjunction with the Product.
*Present and deliver the Product without the consumer's permission using for example 'Terms and Conditions' or 'opt-in' by consumer such as fly-by icon drops or placement on the consumer's desktop applications/toolbars.


As CyberDefender does not ask if the user wants to install the toolbar and does not clearly state that it is going to be installed prior to installation the second point is violated. The user cannot choose to not install the toolbar, CyberDefender refused to change this to make it optional.

Flagging the cookies from its own advertising gives the impression similar to that of intended false positives. As CyberDefenders personel have a long history of online marketing and advertising, they should be able to determine advertisers whose cookies need not be flagged. So this appears to be intended and thus violating the first point.
Or said differently, what would a user think if he uses another security software that does not find anything during scan, but CyberDefender appears to find cookies not found by the other?

Putting this together Cyber Defender has earned its place as PUPS, in the link Tashi provided, the tester Steven Burn reports that CyberDefender deactivates the Windows Firewall. This was not the case during our testing a while ago. But with such behavior CyberDefender would actively compromise the system security and would be 'promoted' to malware.

It seems we are going to test it again for ourselves and see how CyberDefender has changed and what it does in its current version.