View Full Version : iTunes 6.02 = Goodbye SpyBot.
After SpyBot started incorrectly detecting iTunes 6.02 as spyware on my system (it is not), and reading the subsequent information in the news post at http://spybot.safer-networking.de/en/news/2006-01-13.html , I have removed SpyBot S&D from my system and all systems which I administer. Spybot has been useful in the past, but with this move I fear that its usefulness as an anti-spyware tool has come to an end.
I do regret that the people who make SpyBot S&D, a fine piece of software, have decided to attempt to use the software to further their own agenda by badmouthing Apple, or any other company, in an unfair manner. The goal of anti-spyware software should be to detect legitimate threats, not to further what is essentially a politically motivated agenda. The fact of the matter is that iTunes makes it perfectly clear that the data in question is being sent out from the computer immediately after the installation, and gives the option to turn it off then. Spyware that asks if it's okay to send out its data is not spyware, friends.
In any case, Spybot S&D is no longer a part of my arsenal, nor will it ever be again. It simply can no longer be trusted as an accurate source of detection information. I can no longer use nor recommend it for any security conscious individual.
Thanks for the memories. :(
TonyKlein
2006-01-24, 20:04
Now come on! .... :-\
I'm sure that the following article will help you understand the background to this decision:
http://www.spybot.info/en/news/2006-01-13.html
If only Apple was as much concerned about your privacy as SpyBot is and continues to be...
I myself have been an Apple Macintosh user for... more years than I can count I guess. I still have a Color Classic here, an LC (16 MHz, which I could use for text processing, writing emails and browsing websites), my 66 MHz 6100 which I used for code writing, writing TeX stuff for the university and websites when CSS and Flash etc. got too common. Now I'm using an iMac (neither Intel nor G5, one of the good old ones ;) ).
And whenever there's a new version of Windows, I look at its new features and say "hey, cool, look at that - I've had that feature on my Mac ten years ago already!". So where are the politics? I'm someone who never left any doubts that I think Macs are easier, more stable, and in some aspects more secure (though that advantage may be due to their smaller audience).
Now when this iTunes came into the press, a bunch of people here stayed up until deep in the night to find out what really is behind it, in English and German versions, on Mac and Windows, we tried them all to be sure. And to answer your accusations:
* it was not made clear in their license agreement. On the contrary, the license agreement clearly says that if additional services, especially third parties, will be involved, the user will be asked about that. The printout on my desk is the German one, but I guess the chapters are the same, so take a look at chapter 4. It mentions only materials and links from third parties, not data sent to third parties. But more important there is chapter 13, regarding third party services. It only mentions 3Com Kerbango and Gracenote CDDB, but no Omniture at all! Now according to German law, if a software transmits data to a third party, that's not valid without the user's consent (if it had been mentioned in the license agreement, there would've been no reason to complain).
* The option to turn it off is newer than the article and the detection! It simply was not there at first. You had to find their website and opt out. And even now, it isn't telling you it will contact a third party not named in the license agreement! Or maybe they've changed the MiniStore to not send that information out to a third party any more, but it was there (see screenshot at the bottom).
* We asked Apple about this. The answer was lame: that we had no Macintosh version, and ignoring the question why a third party was contacted without the user's consent. I've written to four different people at Apple about 2o7.net (Omniture), and why a data analysis company would be needed if the information would not be stored, but never received an answer on that question, only evasive phrases.
And more important, ask yourself one question: if Apple was totally right up front, why did they change their MiniStore? It's been in the press for no longer than three days, then it was virtually forgotten, so why make this opt-in instead of opt-out if there was nothing wrong with what they did?
PS: I invite you to install Little Snitch as well, so you can see this third party connection with your own eyes:
http://www.safer-networking.org/files/temp/itunes-2o7.jpg
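The practical check behind the Little Snitch suggestion above is to watch which hosts a process actually talks to and separate first-party destinations from everything else. The script below is an added illustration, not code from this thread, from Spybot or from Apple: it parses a constructed "process -> host:port" log (invented for the example, loosely in the shape a connection monitor would give you), treats a small allowlist of domains as first party (apple.com is an assumption about what counts as first party for iTunes), and reports every other domain the named process contacted. The 2o7.net host name in the sample is made up; only the domain 2o7.net comes from the thread.

```python
import ipaddress
import re

# Constructed sample log in a "process -> host:port" shape. Not a real capture;
# the 2o7.net subdomain is invented for the example.
SAMPLE_LOG = """\
iTunes -> ax.phobos.apple.com:80
iTunes -> 192.168.1.10:3689
iTunes -> tracker.112.2o7.net:80
iTunes -> ax.phobos.apple.com:80
Safari -> www.example.org:80
this line is noise and is ignored
"""

# Assumption: domains the iTunes user already has a first-party relationship with.
FIRST_PARTY = ("apple.com",)

LINE_RE = re.compile(r"^(?P<proc>\S+) -> (?P<host>[^:\s]+):(?P<port>\d+)$")


def parse_log(text):
    """Yield (process, host, port) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            host = m.group("host").lower().rstrip(".")
            yield m.group("proc"), host, int(m.group("port"))


def is_ip(host):
    """True for a bare IPv4/IPv6 literal (no domain to compare against)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def under_domain(host, domain):
    """True if host is `domain` or a subdomain of it. The leading dot in the
    suffix check keeps look-alikes such as evilapple.com from matching apple.com."""
    return host == domain or host.endswith("." + domain)


def third_party_hosts(text, process, first_party=FIRST_PARTY):
    """Return sorted (host, port, count) for connections by `process` whose
    destination is not under any first-party domain. Bare IP literals are
    skipped here because a domain allowlist says nothing about them; a real
    review would resolve or inspect those separately."""
    counts = {}
    for proc, host, port in parse_log(text):
        if proc != process or is_ip(host):
            continue
        if any(under_domain(host, d) for d in first_party):
            continue
        counts[(host, port)] = counts.get((host, port), 0) + 1
    return sorted((h, p, n) for (h, p), n in counts.items())


if __name__ == "__main__":
    for host, port, n in third_party_hosts(SAMPLE_LOG, "iTunes"):
        print(f"iTunes -> {host}:{port}  ({n} connection(s)) outside {FIRST_PARTY}")
```

Run it and the only iTunes destination reported is the 2o7.net host; the apple.com traffic and the private-address connection are not. Against a real connection-monitor export you would swap in the actual log format and decide per process which domains count as first party, which is exactly the judgement the thread is arguing about.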
And more important, ask yourself one question: if Apple was totally right up front, why did they change their MiniStore? It's been in the press for no longer than three days, then it was virtually forgotten, so why make this opt-in instead of opt-out if there was nothing wrong with what they did?
I never said there was nothing wrong with what they did, I said there was something wrong with what *you* did. At least they recognized and corrected their mistakes, here it's been over a week (and another detection pack has already been released) and you have yet to do the same.
Regardless of who the software contacts, regardless of the information it transmits, SpyBot has failed in its stated task. I used to use it as part of an overall security solution, because it was incredibly good at detecting and removing known bad products. However in this case SpyBot fails in two important respects:
1. It does not detect a bad product, it detects a product which (now) offers the option of opt-in ability to send certain well-defined data to Apple's systems. The fact that it sends to a third party is irrelevant if that third party is known to be employed by Apple.
2. It does not remove the actual threat, it detects and optionally removes an associated *documentation* file, for the sole purpose of presenting misleading and incorrect material to the user of SpyBot. The material is misleading in that it implies iTunes is a security threat (it's not) and it's incorrect in that it claims SpyBot can correct it (it can't).
Whole hog or none, sir. Either iTunes is spyware or it is not. If you define opt-in material as spyware, then your program is useless to me because our definitions no longer coincide. If you tell me that you found spyware and that you can remove it and then fail to do so, then your program is useless. Either way, it's no longer useful to me or my userbase.
More to the point, my users have been contacting me and asking why one of my recommended security solutions is detecting a threat where none exists. I now have an answer for them: SpyBot is no longer part of my recommended security solution. Simple.
Furthermore, SpyBot has lost one important thing from me: confidence. I can no longer trust your software, or rather, your detection rules. I cannot recommend software to my users when I no longer have faith that the updates to that software will be correct and accurate. So regardless of your response, SpyBot is gone. I am finished with it. So like I said, thanks for the memories, it was a fine program you had until you broke it.
Even the law tells us that the third party is not irrelevant. You may arrogantly think that you're above the law, but we have to take the law as a measure.
And Spybot-S&D detects the documentation file, because even according to your attitude, it is the bad one, because it is the one not telling about this new feature. It was designed to get people's attention, and our website states on the first page what the matter is exactly.
If you look at the dates, they fixed their hole on Thursday. Our update came out Friday. Since we owe our users detailed checks and not just changes based on news articles, and since Apple didn't care to discuss this with us, we decided to not have our detectives again have to spend the night working overtime instead of with their girlfriends, since the updates were finished anyway and we would have to do the whole quality assurance tests again. So your argument about another update already being out is invalid.
Anyway, how did they recognize their mistakes? In not telling the public anything about what Omniture is or was used for? Was it that they recognized themselves (very unlikely right after the release and probably a lengthy check by quality assurance staff and lawyers) that it was wrong, or was it public pressure? And if it was the latter, our detection may have been a small part of it, thus was useful.
By the way, may I remind you about this new law in your country that makes insults or wrong statements in public forums an offense to criminal law? If I were you, I would be careful in saying that our "sole purpose" was "presenting misleading and incorrect material", because that in itself is misleading and incorrect.
But I forgot the most important thing: Don't feed the trolls!
I really should have noticed before I cared to answer, sorry guys, you got me ;)
Pepi, don't waste more time with Otto42. If he does not want to use Spybot S&D any longer, he is free to do so and it is ok with the thousands or millions of us that do and will continue to do so. We appreciate your efforts.
:bigthumb:
Even the law tells us that the third party is not irrelevant. You may arrogantly think that you're above the law, but we have to take the law as a measure.
They have not broken the law, and insinuating that they have may be an offense in itself.
And Spybot-S&D detects the documentation file, because even according to your attitude, it is the bad one, because it is the one not telling about this new feature. It was designed to get people's attention, and our website states on the first page what the matter is exactly.
No, SpyBot detects the documentation file because the SpyBot team lacks the guts to take a stand on the issue. Either you claim iTunes is spyware or you do not. As it stands, you have deliberately and intentionally broken your software by having it detect a non-threat, claim that it is a threat, and then fail to remove or indeed do anything about that threat.
If you look at the dates, they fixed their hole on Thursday. Our update came out Friday.
They fixed it on the 12th. You started detecting it on the 13th. And then you have had another update since, on the 20th. That's 13 or 14 days for you to verify that the new installer asks your permission first, depending on your timezone.
Since we owe our users detailed checks and not just changes based on news articles, and since Apple didn't care to discuss this with us, we decided to not have our detectives again have to spend the night working overtime instead of with their girlfriends, since the updates were finished anyway and we would have to do the whole quality assurance tests again. So your argument about another update already being out is invalid.
Quality assurance tests? Either the thing asks for permission first or it does not. Testing this takes all of 15 minutes, most of that being download time.
Anyway, how did they recognize their mistakes? In not telling the public anything about what Omniture is or was used for? Was it that they recognized themselves (very unlikely right after the release and probably a lengthy check by quality assurance staff and lawyers) that it was wrong, or was it public pressure? And if it was the latter, our detection may have been a small part of it, thus was useful.
As would be obvious to anybody familiar with the dates involved, your detection came out *AFTER* they had corrected their installer to make the whole thing "opt-in".
By the way, may I remind you about this new law in your country that makes insults or wrong statements in public forums an offense to criminal law? If I were you, I would be careful in saying that our "sole purpose" was "presenting misleading and incorrect material", because that in itself is misleading and incorrect.
a) You are incorrect, there is no such new law in my country, the media has misreported what the law actually says, as is obvious to anybody who's actually read it.
b) My statements are not misleading nor incorrect. They are the simple truth, obvious to anybody.
Let me ask you something else: Why does SpyBot not detect Windows Media Player? It silently sends all of your library information to Microsoft's servers, for the purpose of downloading album art and other metadata automatically. It does this without any user interaction, in the background while you are doing other things. It has had this feature for at least 3 or 4 years now, since WMP9 was first released. With iTunes, not only do you have to click a song for it to send anything out, but it shows that it is sending something out by changing the ministore when you click a song. Much less hidden and much less privacy invading than WMP's capabilities.
Don't bother to answer, I already know why you detect iTunes and not WMP: because you're not interested in actual privacy concerns, only in bashing companies you don't like. Seems fairly obvious, really.
TonyKlein
2006-01-26, 22:50
But I forgot the most important thing: Don't feed the trolls!
I really should have noticed before I cared to answer...
Well, eggzactly...:rolleyes: Our only real mistake was to take the guy seriously in the first place, I guess...
Time to put an end to this farce and close the thread, methinks?
md usa spybot fan
2006-01-27, 00:13
Otto42:
My concern is:
… my users have been contacting me and asking why one of my recommended security solutions is detecting a threat where none exists. I now have an answer for them: SpyBot is no longer part of my recommended security solution. ...
Even if the detection of iTunes 6.02 was an unwarranted false positive (which I personally do not believe it was), is that a reason to expose the people that you advise to the other things that Spybot does detect and correct?
I hope that as an advisor you will at least point your users to this thread and let them decide for themselves whether your advice concerning abandoning Spybot is warranted.
Even if the detection of iTunes 6.02 was an unwarranted false positive (which I personally do not believe it was), is that a reason to expose the people that you advise to the other things that Spybot does detect and correct?
I hope that as an advisor you will at least point your users to this thread and let them decide for themselves whether your advice concerning abandoning Spybot is warranted.
It's a simple matter of trust. I can no longer trust the SpyBot team to make unbiased decisions.
Look, I used this software to detect, and remove, possible threats. The team that decides upon and builds the detection rules has shown itself to be biased. Therefore, I can no longer trust that team nor its detection rules while claiming, in good conscience, to be acting in the best interests of my users.
While it's great that the rules of the 27th have removed this incorrect detection, that's now beside the point. The manner in which the detection was implemented (not solving the "threat" so much as simply providing a means of scaring the user away from iTunes) is the real issue. Even if the detection had been legitimate and iTunes had been the most privacy invading software of all time, the rule used by SB basically detected, and removed, a harmless documentation file. The only purpose of the detection was to scare, or warn, the user about possible privacy invading software. That is ultimately unacceptable. What with the comments on the topic, I can't really believe that it won't happen again, therefore SB remains off my recommended software list. I'll recommend software to my users that actually detects and removes legitimate threats, and whose maintainers have not shown a record of biased behavior.
And if this sounds like trolling, I'm sorry, but it's really not. I'm genuinely disappointed here. Look at it from my point of view. I've used, and highly recommended, this software for years, and this makes me look like a fool. I've had to apologize to several users for my recommendation of SpyBot because of this incident, and it's quite upsetting for this sort of thing to happen. In other words, your actions have burned me here, and I'm a bit ticked about it. Justifiably, I feel. If I felt that the team believed its actions had been incorrect or something, and they understood the magnitude of the mistake they had made, then I might not be quite so upset, but the response I've gotten here has been quite the opposite, obviously.
Here's another source (http://www.heise.de/newsticker/meldung/68245) about the violation of law.
Regarding quality assurance... we test every update on dozens of configurations. Nice that you know how long that takes.
Regarding your WMP question - if WMP sends data back to Microsoft, that's not the same as WMP sending data to some advertising company.
And yes, it seems fairly obvious that I don't like Apple. All the Macs in my private collection (Color Classic, LC III, 6100), my private iMac, they're all there because I hate them. Sure. I'm so glad that you know me. :rolleyes:
A few words to other readers before I close this topic: when we research software that seems to be legitimate, but has some parts that could be classified as spyware or similar, we usually try to find out whether the company did that on purpose, or if the bad part was kind of a mistake (sometimes it's between those two, of course). The first case is simple; in the second case, we try to communicate with the creators of that software to improve it and restore its usability.
And the latter case is what has happened here. We informed our users without breaking the software, because we were calculating that Apple would react and make it unnecessary - and they did. At the same time, while it would have been exaggerated to remove iTunes (when we were sure Apple would do something), we needed to warn our users. And in the end this warning helped, because it made Apple aware of the feelings of many users.
You said it was a question of trust. Well, I say: if we had said nothing, people would trust us less because they would say we had just been afraid of the big company Apple. If we had removed everything, people would have lost trust because thanks to Apple's quick move that would have been exaggerated. So even from the trust level, the "compromise" was perfect.
So imho this was the best that could be done - no permanent harm done either to Apple by removing their whole application, nor to us because we hadn't warned our users. We'll keep you updated...