If you were ever wondering where so many of the anti-spyware programs listed on the Rogue/Suspect Anti-Spyware page come from...
...the post leading off this thread is a good start at an answer. Right now the anti-spyware market is hot -- see:
Because the market looks so lucrative, we have a large number of people and companies jumping in with whatever they can get their hands on in the rush to get an anti-spyware application to market and start cashing in.
The problem for these people, of course, is where to get an anti-spyware application quickly and on the cheap? They usually have no experience in the anti-malware industry and they're not that interested in investing the effort to hire a quality research and development team to create an anti-spyware application themselves and do a proper job of it. That would simply take too much time and money.
Depressingly, there is a market out there for "rent-a-coder" anti-spyware applications and definitions databases, and many individuals and firms are perfectly happy to snap these up in order to speed the process of getting an application to market.
Anti-spyware applications are tough to do right, though. Not only are the spyware and adware pests we're seeing becoming ever more devious and difficult to remove, but the number of new pests and variants of existing pests is exploding. Consequently, anti-spyware applications are very "high maintenance," requiring laborious research and development every day of the year. Even the best in the business struggle to keep up.
Good anti-spyware vendors know that quality scan engines and definitions databases can't be purchased on the cheap and off the shelf. The best anti-spyware firms are hiring researchers like mad to update their definitions databases and plowing thousands of man hours into the development of their scan engines because they know that it is vital to be in control of every aspect of their anti-spyware application.
Unfortunately, the number of firms who are truly committed to producing quality anti-spyware programs is very small. The vast majority of anti-spyware applications available on the Net are rebranded cloneware apps produced by rent-a-coder operations who then sell their substandard wares to internet entrepreneurs -- often "mom and pop" type operations with no experience whatsoever in the anti-malware industry but who are looking to make a quick entry into a hot market.
I've actually communicated with a number of these small-time vendors who decided to buy an anti-spyware app on the cheap and jump in. What I've learned ranges from discouraging to downright scary. Some of the vendors aren't familiar with the concept of a "false positive." Still others have very little sense for the threat of spyware or how their own applications fail to detect and remove it.
One vendor I talked with the other day wasn't even familiar with the scan results of his own application. When I detailed the deficiencies in his application's reporting of detected spyware and adware, he wasn't even aware of the kinds of information his program was neglecting to report. That kind of woeful ignorance is not uncommon among these vendors because they're simply buying rebranded applications and databases from some murky anti-spyware chop-shop.
In this kind of environment, we often see companies and individuals trolling the Net for definitions databases they can buy, instead of hiring quality researchers to do the job properly. Some of you may remember Ashley, the vendor behind Privacy Tools 2004:
»Anti-Spyware Vendor Threatens to Write Malware
After I reported that the beta of a new version of his application was producing ridiculous false positives, Ashley decided he could solve the problems with his application by simply going out and buying a new definitions database. The results were utterly predictable:
Still worse, we've even seen requests for databases that were little more than thinly veiled invitations for unscrupulous parties to rip off and resell the databases from well-known anti-spyware applications like Ad-aware and Spybot Search & Destroy.
Another popular approach to building a spyware database involves merely harvesting file names and Registry keys from the growing number of anti-spyware research pages available online, such as those found at Pest Patrol's research site, SpywareGuide.com, Doxdesk.com, or Kephyr.com. The data stripped from these sites is then dumped into a file to be used by a relatively unsophisticated scan engine that does little more than perform dumb string scans on the hard drive and Registry, a surefire prescription for producing loads of false positives.
Not surprisingly, the anti-spyware applications that result from this blasé attitude towards research are utter garbage. The definitions database is absolutely critical to an anti-spyware application, but the sub-standard anti-spyware vendors seem to regard it as an afterthought at best -- as icing on the cake of a flashy GUI and attractive set of web pages. It's the definitions database, however, that sets the few quality applications apart from the great mass of junk.
Sadly, all too many people out there just don't seem to care. Their only goal is to get an anti-spyware product quick and on the cheap. For a truly depressing read, take a look over the current "spyware" work projects being bid on at RentACoder.com:
It's a sure bet that most if not all of the applications that emerge from that degraded development process will wind up on the Rogue/Suspect Anti-Spyware pages.
Eric L. Howes
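
The "dumb string scan" problem described in the post, shown as an added example that is not part of the original post or any vendor's code: a name-only definitions list matched by substring is compared with definitions that pair an exact file name with a content hash. All paths, file contents, names and definitions below are constructed for illustration.

```python
import hashlib
from pathlib import PureWindowsPath

# Constructed inventory: (path, file contents, is it really the pest?)
PEST_BYTES = b"constructed-adware-sample"
INVENTORY = [
    (r"C:\Program Files\SearchBar\sbar.dll", PEST_BYTES, True),
    (r"C:\Windows\System32\toolbar.dll", b"legit OS component", False),
    (r"C:\Users\pat\Documents\searchbar-removal-notes.txt", b"my notes", False),
    (r"C:\Program Files\Editor\plugins\sbar.dll", b"status bar plugin", False),
]

# Name-only "definitions", as if harvested from a research web page
HARVESTED_STRINGS = ["searchbar", "sbar.dll", "toolbar"]

# Researched definitions: exact file name mapped to known-bad SHA-256 hashes
RESEARCHED_DEFS = {"sbar.dll": {hashlib.sha256(PEST_BYTES).hexdigest()}}


def string_scan(inventory, strings):
    """Flag any path that contains any harvested string (case-insensitive)."""
    return [p for p, _, _ in inventory if any(s in p.lower() for s in strings)]


def hash_scan(inventory, defs):
    """Flag a file only if its exact name AND content hash match a definition."""
    hits = []
    for path, data, _ in inventory:
        name = PureWindowsPath(path).name.lower()
        if hashlib.sha256(data).hexdigest() in defs.get(name, ()):
            hits.append(path)
    return hits


def false_positives(hits, inventory):
    """Return flagged paths that are not actually the pest."""
    truth = {p for p, _, bad in inventory if bad}
    return [p for p in hits if p not in truth]


if __name__ == "__main__":
    for label, hits in (("string scan", string_scan(INVENTORY, HARVESTED_STRINGS)),
                        ("hash scan", hash_scan(INVENTORY, RESEARCHED_DEFS))):
        fps = false_positives(hits, INVENTORY)
        print(f"{label}: {len(hits)} flagged, {len(fps)} false positives")
```

Hash-qualified definitions are only as good as the research behind them, which is the maintenance cost the post describes: every new variant needs a new entry.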