Re[2]: Is The Bat spying on me?
Thursday, June 29, 2006, 6:07:33 AM, you wrote: However, I'm still uncomfortable with the idea that The Bat! may be spying on me. Could someone please try to do a better job of comforting me? Joe, if you need some independent reassurance, why don't you use one of the online scans available: http://www.kaspersky.com/remoteviruschk or even better http://virusscan.jotti.org/ -- Tom using TB 3.65.03 on XP Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 ***^\ ._)~~ ~( __ _o Was another beautiful day, Wed, 28 Jun 2006, @ @ at 21:59:59 -0400, when Joe wrote: J The details on the culprit (found in the Registry) read: J HKU\S-1-5-21-3126995848-1559877500-2177672217-1005-SOFTWARE\RIT\THEBAT!\ Perfect. The registry key TB uses for its own private GUID. Why on earth should Trend take any notice? The only spying going on here is by Trend. Having and using a registry key for configuration and setup data is certainly no indication of malware. Yes, some malware uses the registry. So does a lot of other (probably most) software. Some joker has told trend that this registry key is an indication of malware infection. Tosh. I'll contact Trend tomorrow and see what they have to say. Actually you should rather consult some third party source(s) then, since the both Trend and TheBat are by definition biased. This way you could get much less mere emotional reactions instead of clear and precise reasonable definition what a particular reg. key exactly does and serves for. Until then I only could confirm that the branch/path HKEY_CURRENT_USER\Software\RIT\The Bat! is indeed used for storing configuration data, and that just any application (bad or good one) can make/remove just any registry key anywhere. Whether TB is phoning home should be easiest to determine by a firewall, for instance, and/or any other gadget monitoring activity of programs. - -- Mica PGP keys nestled at: http://blueness.port5.com/pgpkeys/ [Earth LOG: 666 day(s) since v3.0 unleashing] OSs: Windows 98 SE Micro Lite Professional IVa Enterprise Millennium Windows XP(ee) Micro Lite Professional 1.6, and, for TB sometimes, Gentoo and Vector Linuxes via Wine... ~~~ For personal mail please use my address as it is *exactly* given in my From|Reply To field(s). ~~~ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4-svn-4169 o tiger192 (MSYS/MinGW32) iQEVAwUBRKOvIrSpHvHEUtv8AQiU0wf/ZL+4RMqg6tz4gEqt5hUIJejwnlGNElHo 5jTJDU33EWq2rJy7thWV0xbNB2D8fcYanTX2gogFoY+Xx8ix7p6HXf8GWewMx4yP 0SPzUlMoqocuSXeSGhS2JU9RmjkvDzFD80O58t3mEZuWZqiPP93SHr/j2lQNlPQL U7C+8/JstbiKymZaEUylH6LBFfw3PSYBPijERHgKhrlQmXOW1a8b+NTmUF8SqRfW ukN7eIiPYZntqhc3JOW8z3uMzWhXd88o5KxG2d/N5tIOAUw1BCzvBvsqeLxKSTLr DgBo5FvkoBqoCYNI6ggPmgxBvpc2mV9ZVRtq3ZevxlsQf6dQWKvTkg== =83/Q -END PGP SIGNATURE- Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
Hello Greg, Wednesday, June 28, 2006, 10:17:54 PM, you wrote: G Hello Marck, G On Wed, 28 Jun 2006 23:48:04 +0100 GMT(6/28/2006, 5:48 PM -0600 GMT), G per mid:[EMAIL PROTECTED] Marck D Pearlstone wrote: J Maybe it's not Trend's problem? MDP It is .. 100%. They are wrong .. 100%. J Couldn't it be something that The Bat! is doing, that it shouldn't J be doing? MDP No. TB is perfectly entitled (like any and indeed most other MDP applications) to store configuration data in the system registry. G With all do respect why does TB appear to be phoning home? G See attached. With all do respect why does TB appear to be phoning home? See attached. -- Best Regards, Greg PS. Resent with smaller image file. Using The Bat! v3.81.05 Beta on Windows XP Pro 5.1 Build 2600 Service Pack 2 Greg, This seems to be a rational question... and I say this from experience rather than any ulterior motive. On the one hand, I didn't receive the graphic. So I can't comment on what you people may have found or not. On the other hand, I had run Wingate (Firewall Software) for quite some time before I found out it had a phone-home function. The authors of Wingate finally, after pointed questioning, admitted that there was a phone-home function in the software. This seemed absolutely absurd to me, in something I trusted as a Firewall So *I* ask. is there a phone-home function in The Bat! or isn't there??? Yes or NO and how do you know? -- Best regards, Genemailto:[EMAIL PROTECTED] Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
Hello Greg, Thursday, June 29, 2006, 8:26:37 PM, you wrote: G I should apologize to TBUDL TBBETA. I haven't been keeping up with G either TBUDL nor TBBETA, so when I saw my firewall sounding off it was G quite surprising. G So as Ian has appropriately pointed out TB does phone home for program G updates with the ability to turn it off, AND it is NEW feature added in G TB Beta. G Again I do APOLOGIZE and am SORRY! No I don't think an apology is in order as it was a valid question. However, knowing what caused the false positive... I'd have to say thanks to The Bat! team for (1) adding such a useful utility and (2) giving the ability to toggle the function -- Best regards, Genemailto:[EMAIL PROTECTED] Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Is The Bat spying on me?
I recently purchased a new computer. After installing Trend Micro Systems Anti-Spyware program, and running a full system scan, it was recommended (by the progam) that I delete certain high-risk programs that were detected on my hard drive. Upon agreeing to the deletions (there were about 6, I think), The Bat would no longer open. I went back and restored all the programs, and The Bat miraculously began to function normally again. I repeated this process several times, just to make sure, then I narrowed it down to just one program that was doing the damage. It was named Spyware_Trak_PWStealer. So my question is, why does The Bat have to spy on me? -- Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
On Wednesday, June 28, 2006, 18:43:44, Joe wrote: So my question is, why does The Bat have to spy on me? Because somebody at TrendMicro didn't do his homework. It's called a false positive, and it's nothing unusual with modern anti-spyware programs. -- Jernej Simonèiè http://deepthought.ena.si/ Industry always moves in to fill an economic vacuum. -- Tuccille's First Law of Reality Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
Hello all, Wednesday, June 28, 2006, Jernej Simonèiè wrote: So my question is, why does The Bat have to spy on me? Because somebody at TrendMicro didn't do his homework. It's called a false positive, and it's nothing unusual with modern anti-spyware programs. like Spyware Doctor some weeks ago... -- Bye Marek Mikus Czech support of The Bat! http://www.thebat.cz Using the best The Bat! 3.81.04 under Windows XP 5.1 Build 2600 Service Pack 2 Notebook Acer, Pentium4-M 2.2 GHz, 512 MB RAM, ADSL line Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
On Wednesday, June 28, 2006, 20:26:00, Marek Mikus wrote: like Spyware Doctor some weeks ago... I don't think there's a single antispyware or antivirus program that didn't have any false positives recently. -- Jernej Simonèiè http://deepthought.ena.si/ No matter how many alterations, cheap pants never fit. -- Firth's Law of Tailoring Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
Wednesday, June 28, 2006, 12:43:44 PM, Joe wrote in part: J It was named Spyware_Trak_PWStealer. J So my question is, why does The Bat have to spy on me? You might want to get a second opinion scanner / application: http://www.clamwin.com/ -- Cheers, Ron. _ Music files: Sleeping. Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
A false positive normally connotes imprecise calibration. What's imprecise here? The details on the culprit (found in the Registry) read: HKU\S-1-5-21-3126995848-1559877500-2177672217-1005-SOFTWARE\RIT\THEBAT!\ Why would Trend mistake only The Bat! (out of all the other programs on my computer) as spyware? I've added this item to the Trend whitelist, and The Bat! runs just fine now. However, I'm still uncomfortable with the idea that The Bat! may be spying on me. Could someone please try to do a better job of comforting me? Maybe it's not Trend's problem? Couldn't it be something that The Bat! is doing, that it shouldn't be doing? On 6/28/06, Jernej Simonèiè [EMAIL PROTECTED] wrote: On Wednesday, June 28, 2006, 18:43:44, Joe wrote: So my question is, why does The Bat have to spy on me? Because somebody at TrendMicro didn't do his homework. It's called a false positive, and it's nothing unusual with modern anti-spyware programs. -- Jernej Simonèiè http://deepthought.ena.si/ Industry always moves in to fill an economic vacuum. -- Tuccille's First Law of Reality Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html -- Joe Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
On Wednesday, June 28, 2006, 22:07:33, Joe wrote: A false positive normally connotes imprecise calibration. What's imprecise here? False positive means that something that is actually harmless was detected as something else. Happens all the time, since in reality no security software vendor can have all versions of all programs to test their definitions against. Maybe it's not Trend's problem? It is, you should contact them. And please, learn to quote. -- Jernej Simonèiè http://deepthought.ena.si/ The new hardware will break down as soon as the old is disconnected and out. -- Goodin's Law of Conversions Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
On 28/06/06, Joe [EMAIL PROTECTED] wrote: However, I'm still uncomfortable with the idea that The Bat! may be spying on me. Whichever spyware scanner you have doesn't actually detect a software's capability of spying on you or it actually doing so. All these scanners (as well a virus scanners) only look for so-called signatures (patterns they recognize) of spyware. So in effect, that registry key you mentioned may look similar to one belonging to a spyware program which is why your software claims it's suspicious. As in: it's black and white (green and silver or white for us Germans) and has four wheels, so it must be a police car. Right? Roman -- I don't have a signature. Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
Hello all, Wednesday, June 28, 2006, Joe wrote: HKU\S-1-5-21-3126995848-1559877500-2177672217-1005-SOFTWARE\RIT\THEBAT!\ Maybe it's not Trend's problem? Couldn't it be something that The Bat! is doing, that it shouldn't be doing? The Bat! is creating and using HKEY_CURRENT_USER\Software\RIT\The Bat! path for storing configuration only, btw *any* app can create *any* registry key and path... -- Bye Marek Mikus Czech support of The Bat! http://www.thebat.cz Using the best The Bat! 3.81.04 under Windows XP 5.1 Build 2600 Service Pack 2 Notebook Acer, Pentium4-M 2.2 GHz, 512 MB RAM, ADSL line Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
Dear Joe, @28-Jun-2006, 16:07 -0400 (28-Jun 21:07 here) Joe [J] in mid:[EMAIL PROTECTED] said: J A false positive normally connotes imprecise calibration. What's imprecise J here? A false positive does not mean that at all. False as in wrong, bad or incorrect. Positive as in passed test or (in this case) detection. It is an incorrect detection. Trend has fouled up. Badly. In the real world Trend would be sued for defamation, but in the soft world there is no such thing. A shame. (Not quite where you got imprecise calibration as a definition there). J The details on the culprit (found in the Registry) read: J HKU\S-1-5-21-3126995848-1559877500-2177672217-1005-SOFTWARE\RIT\THEBAT!\ Perfect. The registry key TB uses for its own private GUID. Why on earth should Trend take any notice? The only spying going on here is by Trend. Having and using a registry key for configuration and setup data is certainly no indication of malware. Yes, some malware uses the registry. So does a lot of other (probably most) software. Some joker has told trend that this registry key is an indication of malware infection. Tosh. J Why would Trend mistake only The Bat! (out of all the other J programs on my computer) as spyware? Because for some reason (currently known only to the programmers at Trend) they have decided to add this key to their list of baddies. It is a mistake. It is incorrect. J I've added this item to the Trend whitelist, and The Bat! runs J just fine now. Good. That should solve the problem for now. Somebody needs to give Trend a good kicking though. J However, I'm still uncomfortable with the idea that The Bat! may be J spying on me. Your discomfort is entirely unnecessary. The Bat! does not spy. Never has. Never will. Nor does The Bat! collaborate with spies and goes out of its way to ensure it never will. Trend has alarmed you for no reason whatsoever. J Could someone please try to do a better job of comforting me? Is this helping? J Maybe it's not Trend's problem? It is .. 100%. They are wrong .. 100%. J Couldn't it be something that The Bat! is doing, that it shouldn't J be doing? No. TB is perfectly entitled (like any and indeed most other applications) to store configuration data in the system registry. I hope that you are suitably reassured by this. I do recommend that you now contact Trend and make twice the amount of noise there as you have here, since the fault is all theirs. You can even copy the text of this message to them if you feel it may help. At least their support service is getting paid to offer advice, unlike us poor souls here! -- Cheers -- //.arck D Pearlstone -- List moderator and fellow end user TB! v3.81.04 on Windows XP 5.1.2600 Service Pack 2 ' pgp9VVw4prwub.pgp Description: PGP signature Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
Joe wrote: However, I'm still uncomfortable with the idea that The Bat! may be spying on me. Could someone please try to do a better job of comforting me? I'll add my voice to the others suggesting you contact Trend. I don't think you'll really feel better until they've told you The Bat! is ok. Also, they'll fix their detection so that others don't get the false positive and go through the worries you are experiencing. -- »Q« Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Is The Bat spying on me?
[] A false positive does not mean that at all. False as in wrong, bad or incorrect. Positive as in passed test or (in this case) detection. It is an incorrect detection. Trend has fouled up. Badly. In the real world Trend would be sued for defamation, but in the soft world there is no such thing. A shame. (Not quite where you got imprecise calibration as a definition there). I'm a molecular biologist. For example, when you falsely test positive for a certain virus, it's usually because of the way the test (e.g., ELISA, Western Blot, etc.) was calibrated. It's apparently a bad analogy to my problem. J The details on the culprit (found in the Registry) read: J HKU\S-1-5-21-3126995848-1559877500-2177672217-1005-SOFTWARE\RIT\THEBAT!\ Perfect. The registry key TB uses for its own private GUID. Why on earth should Trend take any notice? The only spying going on here is by Trend. Having and using a registry key for configuration and setup data is certainly no indication of malware. Yes, some malware uses the registry. So does a lot of other (probably most) software. Some joker has told trend that this registry key is an indication of malware infection. Tosh. I'll contact Trend tomorrow and see what they have to say. J However, I'm still uncomfortable with the idea that The Bat! may be J spying on me. Your discomfort is entirely unnecessary. The Bat! does not spy. Never has. Never will. Nor does The Bat! collaborate with spies and goes out of its way to ensure it never will. Trend has alarmed you for no reason whatsoever. Okay. Thanks for the feedback. I hope that you are suitably reassured by this. I do recommend that you now contact Trend and make twice the amount of noise there as you have here, since the fault is all theirs. You can even copy the text of this message to them if you feel it may help. At least their support service is getting paid to offer advice, unlike us poor souls here! I didn't know that my voicing of my concern here (with just *one* post) would be considered noise. I'll try to be more quiet the next time. Maybe less than 4-5 words. PS: I apologize for the previous top posting. I'm forced to use my web-based Google Mail account for the the time being, and Google makes it easy to do things wrong. PPS: To everyone else who offered help and reassurances...please accept my thanks! It was much appreciated. -- Joe Current version is 3.80.06 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html