Virus/Spyware/Adware/Malware FAQ

• My antivirus software reports that your product is infected with a virus. Is that true?
• I'm sure my computer is otherwise clean, but why does my antivirus tell me that your software is infected?
• I still don't believe you; you guys are trying to dupe me.
• My anti-adware software reports that your product is adware. Is that true?
• My anti-spyware software reports that your product is spyware/malware. Is that true?

Q.My antivirus software reports that your product is infected with a virus. Is that true?
A. It may well be true, but only in the following cases:

• It could have been infected after it was installed on your computer, i.e. other infected executable file(s) infected our product's executable file(s).
• You did not download our product from our official Web site, www.tamos.com. We can't control what you download from 3rd party sites, and some malicious sites may be offering infected software for downloading.
• You downloaded a so-called "crack" (patch, keygen, etc.) for our product. Some cracking sites capitalize on users' desire to enjoy software without paying for it, but such users end up getting a virus along with a crack.

So if your computer is clean, you downloaded our products from our official Web site, and you didn't download any cracks, the chances that our file is infected are virtually zero. At TamoSoft, we maintain stringent security measures to make sure that our products are clean. Of course, one may picture a criminal who clandestinely sneaks into our office under cover of the night with a floppy disk in his pocket, boots up one of the developers' computers, breaks the password, then breaks the crypto disk protection, and then infects our files with the worst virus ever, but this is highly unlikely. It has never happened so far, and we'll do our best to make sure that it doesn't happen in the future.

Q. I'm sure my computer is otherwise clean, but why does my antivirus tell me that your software is infected?
A. . It's called a "false positive". Antivirus software is not ideal. Every antivirus in the world had in the past, currently has, and will always have false positives; this is simply inevitable. It scans the file, finds some pattern that looks like a virus and alerts you. We've seen this a few dozen times. We usually immediately contact the antivirus makers and ask them to fix the bug in their product. Typically, they fix it within a day or two. For computer nerds (newbies, please skip this part): once an AV found a virus in our DLL, but the problem was that it contained nothing but BMP resources for displaying on the IE toolbar. No executable code whatsoever. No entry points. Pretty funny:-) And they didn't even say "thank you" when we told them about it.

Furthermore, our software is digitally signed (see the illustrations below to find out how to check the signature on the setup file). The digital signature certificate is issued by VeriSign. VeriSign verifies the contact information of every software publisher before issuing a certificate. Do you really think that we are distributing infected software and sign it, thus clearly identifying ourselves as criminals?

Q. I still don't believe you; you guys are trying to dupe me.
A. Ok, fine. Send the infected file to the antivirus makers. Let them check it. They'll check it and tell you it will have been a false alarm. In fact, we'd be grateful if you could do that, this would save us much time we'd otherwise spend on explaining all of the above-said to our users. And your antivirus makers will hopefully be grateful to you too, as you help them improve their product.

Q. My anti-adware software reports that your product is adware. Is that true?
A. Complete nonsense. You know, we've been in software business for many years; we're serving probably half of the Fortune 500 list and hundreds of government and law enforcement organizations all over the world. Believe us, we have more interesting and lucrative things to do than displaying stupid online casino ads to you and ruining our reputation by doing so.

Q. My anti-spyware software reports that your product is spyware/malware. Is that true?
A. Nonsense again, but this is an interesting topic. Let's spend five minutes of your and our time on this. As you know, spyware is a class of malicious software that takes control of the computer's operation for the benefit of a third party without the owner's consent. We've never made spyware and never will. In fact, our network monitoring products help in detection and identification of spyware. A number of antispyware vendors, e.g. Lavasoft (they make AdAware) use our products in their daily work. Nevertheless, we're aware of several cases where our products were detected and reported as "spyware" by antispyware programs. The reasons for these inclusions varied:

• A simple human mistake (see about "false positives" above). Example: Acronis Privacy Expert detected CommView for WiFi as spyware. Action taken: Immediately removed when we reported this problem to Acronis.
• Antispyware makers try to impress you by the sheer number of spyware products they can detect. They simply shoot before they think because, in their opinion, it's cool to say, "we can detect 50,000 spyware products" on their Web site. So when a summer intern hired to search for spyware finds anything more complex than a Windows calculator, he includes it in the database. We saw an antispyware program that reported that a text on anarchy as a dangerous "pest". No kidding. Plain ASCII text. Really. A TXT file. Example: PestPatrol detected Essential NetTools and CommView as malware. Action taken: Removed, but not before our lawyer wrote an official letter explaining to the makers of PestPatrol why they're wrong and why they'd lose the case in court.
• Antispyware as a weapon against competitors. Let's say you make a network analyzer and an antispyware product. You want everyone to use only your network analyzer, not your competitor's. So what do you do? Right! You add your competitor's network analyzer to the spyware database so that your antispyware software detects and reports the competing network analyzer as dangerous spyware. Isn't it cool? It sure is, and some companies do that. Example: CounterSpy by Sunbelt Software detected CommView, CommView for WiFi, and CommView Remote Agent as "Dangerous utilities" and recommended immediate removal. CounterSpy did NOT detect LanHound network analyzer by Sunbelt Software. Nor did it detect Microsoft Network Monitor (nobody wants to get sued by Microsoft). Action taken: Moved our products from the "Dangerous utilities" category to the "Potential I.T. Risk" category and changed the danger level from "High" to "Low" when we reported this problem. "Potential I.T. Risk" from professional IT tools? Huh? Ok, whatever. If they don't understand that this story stinks, we'll probably fail to explain this to them. The funny part is that their nice little trick didn't help LanHound win. LanHound was discontinued.

As a conclusion, we'd like to mention that, unfortunately, classic antispyware is not very efficient. Spyware detection uses primarily file checksums and, sometimes, signatures (byte patterns) when searching for malicious files. In the world of modern software, where EXE packers, including polymorphic ones, are not uncommon, every new file version may be completely different from the previous one. In other words, if your antispyware program detects SomeDangerousPest 2.0.0.7, it doesn't mean that it will detect version 2.0.0.8 of the same program. Keeping a large spyware database up to date is virtually impossible. Antispyware programs are only small part of the security arsenal that must also include firewalls, antivruses, intrusion detection systems, physical security, and, most importantly, common sense.