Adware makers threaten critics
In this issue
- TOP STORY: Adware makers threaten critics
- PATCH WATCH: Peer-to-peer patching pain
- PATCH WATCH: XP SP2 patches missed by PM software
- WINDOWS SECRETS: What's behind the Internet curtain
- BRIEFING SESSION: Google Search secrets
- HOT TIPS: Kernel rootkits: a near-undetectable infection
- WACKY WEB WEEK: The naughty bits, brought to you by parents
Adware makers threaten critics
It’s bad enough that adware, which can have negative effects on our PCs, has already infected an astonishing number of machines — 80% in one U.S. study. Now, on top of everything else, adware makers are pressuring anti-adware advocates to stop listing their programs as candidates for removal.
In the newest development, iDownload.com has sent cease-and-desist letters to several anti-adware sites. Some of the Webmasters I’ve spoken with say they received the letters on Feb. 15 or 16. Sites that have confirmed to me that they’ve received the letters include Castle Cops, Spyware Warrior, Spyware Guide, and Sunbelt Software, the maker of the CounterSpy adware removal program.
The letters, copies of which have been sent to me by some of the recipients, object to the descriptions of iSearch on these sites and demand that the references be removed.
One iDownload letter, from attorney Mark D. Hopkins, a partner in the Austin, Texas, office of Savrick Schumann Johnson McGarr Kaminsky & Shirley, says in part:
- “Specifically, a recent review of materials disseminated by your company, via the Internet, revealed that your company is falsely disparaging iDowload’s [sic] product, iSearch…
“As we all know, Malware is a phrase within the public conscience [He means ‘consciousness.’ —Ed.] that has a specific meaning. ….
“Continuing, unlike Malware, iSearch does not gather any personally identifiable information about end users, does not collect data about the user’s web usage, does not collect any information entered into web forms, does not share information with third parties, does not send or cause to be sent unsolicited e-mail, and does not install items such as dialers on the end user’s computer. …
“To the extent you fail to remedy your improper disparagement of the iDownload brand on or before February 15, 2005, we will take all necessary action against your company to protect iDownload from your continuing tortuous conduct [He means ‘tortious’ or injurious conduct. —Ed.].”
Why adware is bad
At this point in our story, I’d like to stop for a moment. Let’s be clear why I prefer to use the term "adware," not "spyware," for the class of products we’re talking about.
As I wrote in the Jan. 27 newsletter, adware doesn’t need to “phone home” in order to slow down a PC, conflict with other software, or pose security risks. For this reason, I believe it’s pointless to try to divide adware into subcategories, such as “malware” and “spyware.”
I define adware as: A secondary computer program (1) that is installed as a result of a person using a primary, sought-out program or Web site, or the Internet in general, and (2) that generates revenue or other benefits for the promoter of the secondary program.
It’s the “revenue or other benefits” part that causes problems for PC users. A secondary program — one that users didn’t seek out — can only generate benefits for its promoter if the secondary program becomes installed. Such programs, therefore, have no financial incentive to tell users about potential downsides.
These programs have a powerful financial incentive to disclose only possible benefits — or to not say anything at all before installing — in order to run on as many machines as possible. Such programs, therefore, can never be said to have gained fully informed consent from computer users.
Please note that the above definition of adware doesn’t cover a legitimate category of programs: “ad-supported software.” This includes the free Opera browser, which displays ads within its window, or Google ads, which are also displayed within the primary window. Only when such ads become divorced from the primary program is there a breakdown of responsibility. This disconnect leads to a high potential for PC users’ machines to be slowed down or exposed to other risks.
If I thought “spyware” was a meaningful term, I’d use it regardless of any legal threats. But it’s a vague and imprecise term, and I urge the computer industry to abandon it.
Cease-and-desist as a software feature
Having said that, I strongly defend the right of anyone to call a computer program "crapware" or any other term that may be the writer’s own personal opinion.
My own investigation of the situation reveals that some people who received letters from iDownload haven’t written anything that could remotely be considered defamatory.
Suzi Turner, the owner and Webmaster of Spyware Warrior, said in a telephone interview that one of her sites that received a cease-and-desist letter, NetRN.net, had never even written an article about the iSearch Toolbar before now.
A search of her site that I conducted using the Google index confirmed this. Turner has periodically reprinted in her postings an updated listing of software programs identified by Ad-Aware, a well-known anti-adware utility from Lavasoft. Over several months, the words "iSearch Toolbar" were included a few times in these lists. But Turner herself had never even written as much as a complete sentence about the software.
iDownload’s CEO responds
The iDownload.com site provided me with conflicting information about iSearch when I inquired. The company, which is based in New York City, doesn’t publish a telephone number on its site. I submitted the following question, therefore, to iDownload’s Live Help service: "Letters regarding the iSearch Toolbar?"
This cryptic query was apparently enough to trigger a standard response. Within a few moments, a tech identified as Mark provided the following reply in the Live Help window:
- “iSearch is its own independent company that markets many affiliate programs. I believe they have removal instructions and an automatic removal tool on their FAQ page at isearch.com. I don’t know any other info about their company or software.”
He quickly terminated the Live Help session after sending this message.
Mark’s statement obviously conflicted with attorney Hopkins’ letters, in which he stated that iSearch was “iDownload’s software product.” So I sent an overnight letter to iDownload’s headquarters, requesting a telephone interview.
When iDownload’s CEO, Arlo Gilbert, called me, I asked which companies had received a cease-and-desist letter from iDownload’s attorney. “It would not be in our best interest to share that list,” Gilbert said.
He did assert that the letter was having the desired effect. "The majority of sites we’ve contacted have taken down or properly classified iSearch," Gilbert stated.
When asked to name some of the sites that had complied, Gilbert answered, "I’m not going to share that information. It would be shooting a gift horse in the mouth."
Gilbert added, "The people who are profiting off this information and have not reclassified the information will be sued." When asked for the names of some companies that iDownload has filed suits against, Gilbert said, "We’re not going to reveal it," but added that the suits were a matter of public record that could be looked up.
Two telephone messages seeking the names of the companies being sued were left with Mark Hopkins’ office, including one left with an assistant. These calls were not returned within two days’ time.
Expert opinions on iSearch
The iSearch Toolbar has received a lot of interest from experts on adware, who have a lot to say about it and iDownload.
Eric Howes, a noted anti-adware program tester (see the Jan. 27 newsletter), has written extensively about iDownload in the DSLReports forum. In a Feb. 21 posting, Howes says iDownload last year distributed an add-in program known as the HotSearchBar. This program displayed a dialog box, according to Howes, that represented itself as “Required: Media Player Version 9 Browser Update.” A screen shot of this dialog box, provided by Howes, is shown below:
According to Howes, clicking Yes did not install a Media Player upgrade but instead loaded HotSearchBar. Many PC users would be likely to click Yes when presented with such a dialog box, because media files often require updated codecs or Media Player versions. The fact that the signature of the program was "verified" by Thawte, a certificate authority, provided additional assurance to users.
Regarding the iSearch Toolbar specifically, Howes points to an analysis by Andrew Clover at his Doxdesk.com anti-adware site. Clover states in that analysis that iSearch is a variant of Pugi, which he calls "a family of customised toolbars/browser hijackers." He adds, "Pugi/iSearch is installed by ActiveX drive-by-downloads triggered by Windows Media DRM licensing… and also through exploitation of IE security holes."
Additionally, Symantec’s Security Response database lists the iSearch Toolbar. It says of iSearch, “It is a search hijacker and also tracks user activity on a remote server at isearch.com.”
Finally, PC users should take note of the End User License Agreement posted by iSearch at Toolbar.iSearch.com/terms.html. In addition to agreeing to numerous other conditions merely by installing iSearch, you agree that the program may "without any further prior notice to you… install software from iSearch affiliates; and install Third Party Software."
When you install adware, you never know what you’re really going to get.
Anti-adware apps reverse course on WhenU
This one cease-and-desist outbreak might not be so important if it weren’t for the fact that a few anti-adware programs mysteriously removed some other adware programs from their detection lists recently.
Ad-Aware and Pest Patrol, an anti-adware program from Computer Associates, raised security experts’ hackles this month when the two utilities quietly delisted WhenU software. WhenU distributes, among other things, Save.exe, which PC PitStop and other rating systems report to be adware.
Eric Howes reports that WhenU was inexplicably missing from Ad-Aware’s Feb. 5 update file. According to Howes, Pest Patrol also stopped identifying WhenU around the same time. Both companies, furthermore, stopped listing WhenU in their online databases of adware.
As if this didn’t anger security experts enough, the two anti-adware companies said nothing about the changes in their regular user notifications of additions and deletions to their databases. Howes says users received no notice of the shifts, causing all sorts of suspicions to fly.
In a statement on a Lavasoft forum, employee Chris Fry confirmed on Feb. 15, "WhenU was indeed removed from our database by research in the last definition file. This was due to WhenU not scoring more than 2 TAC points at the time. In case it turns out that the removal was incorrect, WhenU will naturally be reintroduced to the database."
"TAC points" are behaviors listed in Lavasoft’s so-called Threat Assessment Chart. The company considers a program that exhibits three or more of these behaviors to be a risk to PC users and eligible to be removed by Ad-Aware.
Surprisingly, an adware program can both display ads as its primary function (gaining one TAC point) and have no apparent way to uninstall it (another point) and still fall below Ad-Aware’s three-point threshold. In my opinion, any one "TAC point" should be enough to empower a PC user to remove such a program.
The uproar among Ad-Aware users over the change grew so furious that Lavasoft has been forced to post a separate uninstaller for WhenU. Michael Wood, a Lavasoft forum administrator, has also announced that the company is going to re-evaluate its entire threat-assessment scoring system.
For its part, Pest Patrol restored seven variants of WhenU software, including Save.exe, to its detection database on Feb. 17, according to the company’s New and Improved Detections page. (When the next Pest Patrol update comes out, this page may be updated and the listing for update 05021721 may become inaccessible.)
All this activity is enough to make your head spin. What’s obvious is that there’s big money at stake now for companies who think it’s fine to install software on users’ PCs to display ads. The anti-adware battles are only beginning.
To send us more information about adware, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You’ll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print.
Peer-to-peer patching pain
By Susan Bradley
The latest SMB patch means a little bit of not-so-friendly file sharing.
Since my last Patch Watch column, the good news is that we haven’t seen any exploits or vulnerabilities targeting the Server Message Block (SMB) patch MS05-011. The bad news is there have been a few issues that have popped up, one with a resolution, one still under investigation at this time.
First up is an issue with SNAP servers that prevents connectivity when MS05-011 is installed. A possible fix was reported in the PatchManagement.org discussion list. The workaround involves going to the SNAP admin pages, Network settings, Microsoft Networking, selecting "Advanced," and then deselecting Enable NT SMBs. You may, however, prefer to simply uninstall the patch, call Microsoft Product Support and report the issue in hopes of an official fix.
The second unresolved issue is with this same patch on Windows XP SP2 machines and peer-to-peer networks and Office 2000. Users are reporting that they cannot use Save As after opening a document.
What to do: At the present time, I strongly recommend that anyone seeing this issue remove the patch. To do so, go into Add/Remove Programs and uninstall the patch labeled 885250.
Last but not least, a few issues with NT4 servers and the MS05-010 patch appear to have been reported recently.
What to do: go into Add/Remove Programs and remove the patch labeled 885834.
If you have an issue that causes you to remove a security patch, I feel strongly that you should call Microsoft and report the problem. It’s the action of reporting the issue that fixes the patch.
Due to the fact that all of these problems were caused by security patches, it will be a free call to Microsoft. In the U.S., call Microsoft at 866-727-2338. In other countries, check Microsoft’s support page to look up the correct local number.
Upgrade MSN 6.x or else!
For those of you running MSN 6.x versions, you may have noticed that you were forced last week to upgrade whether you liked it or not. Anyone running the beta of MSN 7.0, however, was already protected from the PNG vulnerability that was described in MS05-009.
Interestingly enough, my home computer was offered up the update because I was running the 4.7x version of Windows Messenger, but on the workstations at my office, Windows Messenger 5.0 users were not forced to upgrade. This WM product is the "standalone" version that plugs into Live Communication Server.
In my firm, this meant I had to use my server’s group policy ability to push out the new 5.1 version to all my workstations. You may wish to review your version of Windows Messenger to ensure you’re protected.
For many companies, this has been a wake-up call as far as who is using Instant Messenger in their offices. Just as important as technology is the "human" element of IT. The SANS.org web site has an excellent resource for Internet use policies on this subject. If you’re in charge of IT at your firm, you should review and put a policy in place regarding whether or not IM is permitted inside your firm. To totally remove Windows Messenger, you can use a script file provided by Doug Knox.
Windows Media doesn’t need a patch… oh wait, it does….
I launched Windows Media Player last week and thought it a bit odd for it to prompt me to update it.
Well, it turns out that an issue with the DRM portion of the player that could be used to download spyware was initially defined as "not a problem" by Microsoft. But the flaw actually does need a patch, which Microsoft provided on Feb. 15 in Knowledge Base article 891122.
Firefox IDN bug and IE revisited
Bill Gates last week announced a beta for a new IE 7 browser that may ship later this year. But that still means we have a lot of unpatched items on Secunia’s Internet Explorer Security shopping list. Unfortunately, IE isn’t the only browser that can have security holes.
The Firefox and Mozilla browsers are affected by spoofing and phishing attacks involving internationalized domain names (IDN), as I described in this space last issue. A hacker using IDN can make a hacking site appear to be any other Web address, such as paypal.com, in these browsers’ Address Bar.
What to do: The workaround I gave then for these “homograph” attacks — i.e., change network.enableIDN to false in Firefox’s about:config settings — has been adopted by Firefox as a temporary measure. A forthcoming 1.0.1 release of Firefox will set this option to false by default. A better solution that doesn’t totally eliminate support for IDN is expected to be included in Firefox 1.1.
A different workaround to eliminate the security hole is to close Firefox, then open the compreg.dat file from the user profile, using a text editor. Look for the entries for IDN and idn and set a quote mark (") at the beginning of those lines. This will disable Firefox’s ability to visit sites that use IDN notation, but hopefully this will be only temporary. IE, of course, isn’t vulnerable to this problem because it never offered support for the new IDN sites at all.
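The kind of check the column anticipates for Firefox 1.1, one that keeps IDN working but flags look-alike hostnames, written here as an added example (not Firefox code); the brand list, the confusables table and the sample hostnames are constructed:

```python
"""Flag internationalized hostnames that may be homograph look-alikes.

Added example for the IDN spoofing issue described in the column above;
it is not Firefox code, and the brand list and sample hostnames are
constructed. IDN is not turned off wholesale: a hostname written entirely
in one non-Latin script passes, while a label that mixes scripts, or whose
look-alike skeleton matches a known brand, is flagged.
"""
import unicodedata

# Constructed allow-list of brands a phishing page might imitate.
BRANDS = {"paypal.com", "windowssecrets.com"}

# Tiny constructed subset of Unicode confusables: Cyrillic letters whose
# glyphs match Latin ones. A real deployment would load confusables.txt.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
}


def to_punycode(hostname: str) -> str:
    """ASCII (xn--) form that the resolver actually looks up."""
    return hostname.encode("idna").decode("ascii")


def label_scripts(label: str) -> set:
    """Unicode scripts used by the letters of one label; ASCII digits and
    '-' are script-neutral and ignored."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                scripts.add("LATIN")
        else:
            # unicodedata.name gives e.g. 'CYRILLIC SMALL LETTER A'
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def skeleton(hostname: str) -> str:
    """Lower-cased hostname with known confusables mapped to their Latin twin."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in hostname.lower())


def assess(hostname: str) -> dict:
    """Report what the Address Bar shows, what gets resolved, and why it was flagged."""
    findings = []
    for label in hostname.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            findings.append(f"label {label!r} mixes scripts {sorted(scripts)}")
    look_alike = skeleton(hostname)
    if look_alike != hostname.lower() and look_alike in BRANDS:
        findings.append(
            f"displays like {look_alike} but resolves to {to_punycode(hostname)}")
    return {
        "display": hostname,
        "resolves": to_punycode(hostname),
        "findings": findings,
        "risk": bool(findings),
    }


if __name__ == "__main__":
    # Constructed samples: a Cyrillic-a look-alike of paypal.com, the genuine
    # site, and a single-script Cyrillic domain that should be left alone.
    for host in ("p\u0430ypal.com", "paypal.com",
                 "\u044f\u043d\u0434\u0435\u043a\u0441.\u0440\u0444"):
        print(assess(host))
```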
Susan Bradley is a Small Business Server and Security MVP — Most Valuable Professional — a title bestowed by Microsoft on independent experts who do not work for the company. Known as the “SBS Diva” for her extensive command of the bundled version of Windows Server 2003, she’s a partner in a CPA firm and spends her days cajoling vendors into coding more securely.
XP SP2 patches missed by PM software
By Susan Bradley
At least two critical Windows updates have been released recently by Microsoft — but they’re not being picked up by most patch-management software because the updates aren’t marked by Microsoft as “security” updates.
If your patching tool is Windows Update, you can skip this section. Windows Update automatically offers the patches discussed herein.
If you’re in a corporate environment where you use patch tools, Microsoft patches that are not considered to be security bulletins may be missed. As a result, these patches are not scanned for by the Microsoft Baseline Security Advisor, nor any other patch tool that “just” scans for security patches.
Two coding errors in SP2 need patching
The first patch is a problem with SP2 that leaves a security hole wide open for laptops using dial-up connections. See Knowledge Base article 886185.
The second issue involves antivirus and firewall programs that ran fine on Windows XP or XP SP1 but can cause problems on SP2, raising a potential denial-of-service issue. See KB 887742.
(Mark Burnett is off this week. His regular Update Management column will return in the next issue.)
What's behind the Internet curtain
By Chris Mosby
The Internet isn’t the glamorous "Oz" that it used to be in the beginning. There are plenty of "wicked witches" and "wizard" hackers out there ready to do whatever they can get away with on your computer — if you don’t know what they have in store for you.
Even saving pictures is dangerous with IE 6
Here you are, minding your own business, checking out the latest pictures on CuteFluffyBunnies.com when you see it. The cutest and fluffiest bunny picture you have ever seen. You just have to have it for your collection. You right-click the picture and choose Save Picture As to save it. The name of the file looks a little different than other pictures that you’ve downloaded from this Web site, but you download it anyway. The picture is just irresistible.
As soon as the picture hits your download folder, your hard drive starts to grind and your system starts to slow down. That’s odd, you think to yourself, the last time that happened was when you got hit with that virus last year. Surely that precious bunny picture didn’t have anything to do with it…
Could the same thing happen to you by just doing something as innocent as saving a picture from the Web? It sure can with Internet Explorer 6 under the right conditions.
The problem is caused by the file extension — e.g. *.exe, *.doc, etc. — that IE uses when saving pictures using the Save Picture As option. IE uses the extension from the Web address, instead of the real file extension.
This can cause the last extension to be dropped if more than one exists — such as in the filename bunny.hta.jpg. This file, when saved by IE 6, can become bunny.hta on your computer. The end result is that an infected "HTML Application" (.hta) or other executable file has been downloaded to your computer. Used with other IE vulnerabilities, anything can happen from there. Proof-of-concept code is already publicly available for this problem. It’s been shown to work on a “fully patched” Windows XP SP2 system with IE 6.
This problem has received less attention than other vulnerabilities because the Windows Explorer setting Hide extensions for known file types must be turned on for the trick to work. Knowledgeable users turn this off, so the problem doesn’t affect them. But the Windows default is "on" and many users never change it.
What to do: Disable the Hide extensions for known file types setting. This can be accomplished as follows:
• Step 1: Open the Tools menu in Windows Explorer.
• Step 2: Click Folder Options and select the View tab.
• Step 3: In the Advanced Settings box, scroll down until you find Hide extensions for known file types and uncheck the box.
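A model of the two behaviours described above, added here as an example (not the proof-of-concept code the column mentions): IE 6 taking the name from the URL and dropping its last extension, and Explorer hiding the final extension when Hide extensions for known file types is on. The URLs and the extension lists are constructed; the point is that bunny.hta.jpg and bunny.jpg end up looking identical in the download folder.

```python
"""Model of the IE 6 'Save Picture As' double-extension problem.

Added example, not code from the column. It reproduces the behaviour the
text describes (IE taking the name from the URL and dropping the last
extension when there is more than one, and Explorer hiding known
extensions) and flags downloads whose hidden inner extension is executable.
Sample URLs are constructed.
"""
import posixpath
from urllib.parse import unquote, urlsplit

# Extensions Windows runs rather than displays (constructed subset).
EXECUTABLE_EXTS = {"exe", "hta", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
# Extensions a user expects from a picture site.
IMAGE_EXTS = {"jpg", "jpeg", "gif", "png", "bmp"}


def url_filename(url: str) -> str:
    """Last path segment of the URL, as IE offers it in the save dialog."""
    return unquote(posixpath.basename(urlsplit(url).path))


def ie6_saved_name(url: str) -> str:
    """Name IE 6 writes to disk per the column: when the URL filename carries
    more than one extension the last one is dropped (bunny.hta.jpg -> bunny.hta)."""
    name = url_filename(url)
    parts = name.split(".")
    if len(parts) > 2:
        return ".".join(parts[:-1])
    return name


def explorer_display_name(filename: str, hide_known: bool = True) -> str:
    """What Explorer shows: with 'Hide extensions for known file types' on,
    a registered extension is stripped from the display (bunny.hta -> bunny)."""
    stem, dot, ext = filename.rpartition(".")
    if hide_known and dot and ext.lower() in EXECUTABLE_EXTS | IMAGE_EXTS:
        return stem
    return filename


def assess_download(url: str, hide_known: bool = True) -> dict:
    """Compare the extension the user expects (from the URL) with the one that
    actually lands on disk, and flag executable content posing as an image."""
    url_name = url_filename(url)
    expected_ext = url_name.rsplit(".", 1)[-1].lower() if "." in url_name else ""
    on_disk = ie6_saved_name(url)
    real_ext = on_disk.rsplit(".", 1)[-1].lower() if "." in on_disk else ""
    return {
        "url_name": url_name,
        "on_disk": on_disk,
        "shown": explorer_display_name(on_disk, hide_known),
        "suspicious": expected_ext in IMAGE_EXTS and real_ext in EXECUTABLE_EXTS,
    }


if __name__ == "__main__":
    # Constructed URLs on a reserved, non-resolving domain.
    for url in ("http://example.invalid/pics/bunny.hta.jpg",
                "http://example.invalid/pics/bunny.jpg"):
        print(assess_download(url), assess_download(url, hide_known=False)["shown"])
```

With the extension-hiding setting off, the same download shows as bunny.hta, which is exactly what the three steps above achieve.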
More info: Secunia has an advisory detailing this problem, and Microsoft has an article that describes this from a non-security point of view.
Hackers can turn your mouse against you
There used to be a time when you could take certain things for granted. When you put your mouse over a link on a Web page, and the Web address showed up in your status bar, you’d expect the link to take you there. These days, even that is not the case anymore.
SecurityFocus reports a problem in IE in which a link you hover over with your mouse appears legitimate in the status bar. If you right-click such a link and open its Properties dialog box, a legitimate URL appears there, too. Despite this, the link actually goes to a completely different page. This could fool you into landing on a hacker site, which could steal your personal information or try other hacker tricks.
SecurityFocus has two exploit samples available that could easily be cut and pasted into a live Web page. I gave them a try myself, and found the exploit easy to set up.
While I was testing these things, I received a security warning from the IE 6 SP2 browser when the page loaded. This version of IE was intelligent enough to know something was up, but all I had to do was dismiss the warning and the exploits worked like a charm.
What to do: The discovery of this is pretty new. The best suggestion I have, if you must use IE to visit random Web sites, is to follow the IE hardening guidelines detailed in the Nov. 11, 2004, issue of the Windows Secrets Newsletter. This should minimize the risk of this problem.
For more information and updates on this IE vulnerability, check out the full details at SecurityFocus.
Chris Mosby is a contributor to Configuring Symantec Antivirus Corporate Edition and is the Systems Management Server administrator for a regional bank. In his spare time, he runs the SMS Admin Store.
Google Search secrets
By Paul Thurrott
MSN Search isn’t the only search service with advanced features: If you’re looking to find a local restaurant or other service, or find map-based information, Google’s got you covered too.
In the Feb. 10 issue of Windows Secrets, I looked at some of the unique Encarta-based searches you can perform with MSN Search. But MSN Search is a bit late to a game that Google has been dominating for some time. And as you might expect, Google offers a number of unique searches of its own.
Finding what you need
Google this month launched a new mapping service. This integrates with Google’s existing “local” directory (described below), but is interesting in its own right:
- Maps. If you’ve ever used an application like Microsoft Streets & Trips or MapPoint to find geographic-based data, you’ll appreciate the new Google Maps service, which is currently in beta.
At its heart, Google Maps is similar to Yahoo! Maps, helping you find directions.
But Google Maps isn’t just about directions. It can also be used to find businesses in a particular area, including restaurants, hotels, and even Wi-Fi hot-spots.
Its most amazing feature, perhaps, is real-time zoom: You can move from a view that includes all of North America down to the street level with the click of a mouse. And as you resize the browser window, Google Maps resizes the current map to match. It’s quite impressive.
Other interesting but largely undocumented or unobvious things you can find with Google are:
- Local. If you want to find specific businesses and services, Google’s latest service, Google Local, is your best bet. Similar to the “Near Me” functionality in MSN Search, Google Local lets you enter the name of an establishment (e.g., Legal Sea Foods) or establishment type (e.g., seafood) in its first search box, followed by a location (e.g., Boston) in the second. Search results are returned in a list accompanied by a map that shows you exactly how close each establishment is. Google Local is a wonderful tool for finding places near you.
- Track FedEx and UPS packages. Google lets you track FedEx and UPS packages. Simply type in your tracking number and hit the Search button. You can also search by an amazing range of other numbers, including UPC codes (e.g. 085896640684), area codes (e.g 781), and even patent numbers (e.g. patent 6856696).
- Definitions. To tell Google to search specifically for a definition, type the word define before your search (e.g. define debacle). When you do so, the first search result link will be for Web definitions for the term you entered. You can click on that link to get more definitions.
- Answers to questions. If you’ve got a particularly tough question that isn’t being answered with normal Google searches, and don’t mind paying a bit for the answer, you can visit Google Answers. Here, you can pay between $2.00 and $200 for a human researcher to find the answer to your question, generally within 24 hours. Google employs over 500 researchers for this purpose.
- News. Google News is an amazing Web experiment in news aggregation that, if successful, could very well change the way Web users find out about the world around them. The Google News home page is auto-generated every few minutes using over 4500 news sources, creating an ever-changing view of top stories, and news from around the world, the US, entertainment, sports, science and technology, health, and other topics. And naturally, you can search for news items. For example, if you heard about a Microsoft security initiative on the way home from work, you might visit Google News and search for Microsoft security to get more information.
Finding more information
Chances are, if you need to find something, Google will help you do it. But in an effort to keep its characteristically Spartan home page as clean as possible, some of the company’s services and tools are well-hidden. For a list of many other Google search types, check out Google’s Web Search Features page. Google also maintains a list of its other services, like Alerts and Images, and its other tools, like Blogger and the Google Toolbar, on its More, More, More page.
Paul Thurrott, associate editor of the Windows Secrets Newsletter, is the author of Windows XP Home Networking, 2nd Ed., and Great Digital Media with Windows XP and the author or co-author of several other books.
Kernel rootkits: a near-undetectable infection
Reader Frank Markus submitted a disturbing contribution this week regarding the dangers of a tainted Windows OS being used to hide software of ill intent:
- “There may be a very good reason that I have been unable to locate the malware that is troubling my computer: it may not be detectable.
“There is a new type of malware called a “kernel rootkit.” A rather brief article in the current Inquirer gives a summary of this new threat.”
MS warns of new-style rootkits
A longer article in Computerworld on the same subject bore the ominous title “Microsoft on rootkits: Be afraid, be very afraid.” The article makes it all too clear why:
- “Once installed, many rootkits run quietly in the background, but can easily be spotted by looking for memory processes that are running on the infected system, monitoring outbound communications from the machine, or checking for newly installed programs.
“However, kernel rootkits that modify the kernel component of an operating system are becoming more common. Rootkit authors are also making huge strides in their ability to hide their creations, said Danseglio.
“In particular, some newer rootkits are able to intercept queries or ‘system calls’ that are passed to the kernel and filter out queries generated by the rootkit software. The result is that typical signs that a program is running, such as an executable file name, a named process that uses some of the computer’s memory, or configuration settings in the operating system’s registry, are invisible to administrators and to detection tools…”
‘Ghostbuster’ may help uncover kernel infections
Microsoft has been keen on this issue for some time and has published several documents relating to the matter. They’ve also developed an internal proof-of-concept tool called Strider GhostBuster to identify affected files.
In a whitepaper released on Feb. 22, Microsoft researchers describe a technique they call “cross-view diff,” which is employed by GhostBuster to detect files hidden by kernel rootkits. The approach leverages the nature of the hidden files to expose them. Cross-view diff looks at the OS through the possibly tainted normal means — Registry editor, Task Manager, Windows Explorer, and the like — and then compares those results with a low-level “truth” or “truth-approximation” scan, which is not susceptible to the same exploits:
- “Ghostware programs hide their resources from the OS-provided Application Programming Interfaces (APIs) that were designed to query and enumerate them. The resources may include files, Windows Registry entries, processes, and loaded modules…
“Instead of targeting individual stealth implementations, we describe a systematic framework for detecting hidden resources of multiple types by leveraging the hiding behavior as a detection mechanism…
“To detect files hidden by ghostware, our GhostBuster tool performs the high-level scan using either the [system] APIs or the dir /s /b command, and performs the low-level scan by reading the Master File Table (MFT), which is the core of the NTFS volume structure, and other NTFS metadata directly. A comparison of the two scans reveals hidden files.”
A technique similar to the one mentioned above is used to detect hidden Registry entries and hidden processes. While Strider GhostBuster is not a publicly available tool at this time, we can expect to see the techniques discussed in the above whitepaper become more prevalent in future malware detection tools. For more information, see Microsoft’s rootkit page.
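The cross-view diff idea from the whitepaper, worked through on constructed data for all three resource types the text mentions (files, Registry entries, processes). This is an added example, not Microsoft’s GhostBuster code: the hooked API, the ground truth and the transient entries are all simulated, and the rescan step is one way to separate real hiding from an entry that simply appeared between the two enumerations.

```python
"""Cross-view diff, the GhostBuster detection technique quoted above, run on
constructed data.

Added example, not Microsoft's tool. The high-level view is what a hooked
enumeration API returns; the low-level view is what a direct read of the
underlying structure (MFT, hive file, kernel process list) returns. Entries
present only in the low-level view are hiding candidates. Because a benign
entry can appear or vanish between the two enumerations, a candidate is only
confirmed when it stays hidden across repeated scans.
"""
from dataclasses import dataclass

# Constructed ground truth for three resource types. Entries containing
# HIDE_MARKER model the rootkit's own resources.
HIDE_MARKER = "hidden_svc"
TRUTH = {
    "files": {r"C:\Windows\System32\kernel32.dll",
              r"C:\Windows\hidden_svc.sys",
              r"C:\Documents and Settings\me\notes.txt"},
    "registry": {r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Explorer",
                 r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\hidden_svc"},
    "processes": {"explorer.exe", "svchost.exe", "hidden_svc.exe"},
}
# Constructed transient entries: present only in the first low-level scan,
# modelling something created between the two enumerations.
TRANSIENT = {
    "files": r"C:\Documents and Settings\me\~tmp.lock",
    "registry": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\tmp",
    "processes": "setup_tmp.exe",
}


@dataclass
class Views:
    high: set  # through OS APIs (possibly filtered by the rootkit)
    low: set   # direct structure read (not subject to the API hooks)


def hooked_api(entries: set) -> set:
    """Model a kernel rootkit filtering its own resources out of API results."""
    return {e for e in entries if HIDE_MARKER not in e.lower()}


class Scanner:
    """Takes paired views of one resource type; the first pass injects the
    transient entry into the low-level view only."""

    def __init__(self, resource: str):
        self.resource = resource
        self.passes = 0

    def __call__(self) -> Views:
        truth = set(TRUTH[self.resource])
        low = set(truth)
        if self.passes == 0:
            low.add(TRANSIENT[self.resource])
        self.passes += 1
        return Views(high=hooked_api(truth), low=low)


def cross_view_diff(views: Views) -> dict:
    """Entries only the low-level view sees are hiding candidates; entries only
    the high-level view sees ('phantoms') point at a stale or spoofed API."""
    return {"hidden": sorted(views.low - views.high),
            "phantom": sorted(views.high - views.low)}


def confirm_hidden(scan, candidates, rescans: int = 2) -> list:
    """Keep only candidates that stay hidden in every rescan."""
    confirmed = set(candidates)
    for _ in range(rescans):
        confirmed &= set(cross_view_diff(scan())["hidden"])
    return sorted(confirmed)


def detect(resource: str) -> dict:
    """First diff yields candidates (including the transient); rescans confirm."""
    scan = Scanner(resource)
    first = cross_view_diff(scan())
    return {"candidates": first["hidden"],
            "confirmed": confirm_hidden(scan, first["hidden"])}


if __name__ == "__main__":
    for res in TRUTH:
        print(res, detect(res))
```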
Reader Frank Markus will receive a gift certificate for a book, CD, or DVD of his choice for sending us a tip that we printed.
The naughty bits, brought to you by parents
The Parents Television Council wants there to be less sex on TV, right? So they bring the most titillating clips together on a single Web page so we can catch the parts we missed.
The organization’s "Worst of the Week Clips Gallery" actually contains not just one week, but almost a year’s worth of videos. These range from Mötley Crüe using the f-word on Jay Leno’s Tonight Show (photo, left) to a hilarious commercial in which a teenage girl tastes Dentyne Fire gum and is overcome with the urge to make out with her boyfriend — while she’s introducing him to her parents. See the videos
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.
Your email subscription:
- Subscription help: customersupport@askwoody.com
Copyright © 2025 AskWoody LLC, All rights reserved.