I’ve received requests from representatives of WeatherBug and DivX that a retraction be posted. Where DivX is concerned, Thomas Hungtington, Corporate Communications Manager wrote, “No version of DivX software has contained any adware product since July of this year with the release of the DivX 5.2 product suite. Early versions of DivX software did include an optional adware bundle, but that is no longer the case.” I applaud DivX’s committment to exclude adware from future releases of their software.

Pete Celano of WeatherBug wrote, “WeatherBug is not spyware nor adware, and distributes neither,” and requested a retraction be posted. We epxlained to Mr. Celano that the statement in the article was based on research conducted while developing the article, and on first-hand experience working with systems loaded with the WeatherBug.

The MySearch toolbar is bundled with the WeatherBug Browser Companion. While WeatherBug in and of itself may not be adware, packaging the WeatherBug Browser Companion with the MySearch Toolbar would seem to make it so. Do a Google search on “mysearch” and consider the results. It doesn’t strike me as a “friendly” product to have on your computer systems. Take away the “MySearch” bundle and WeatherBug loses some of its bad rap.

While it is possible for malware to do significant damage including identity theft, where are the studies that show actual damage has occurred in X% of the cases? Using scare tactics to sell malware detection and removal services is unethical. I would like to see some reputable organizations produce some comprehensive data on the actual danger of malware.

As said in the acticle, there are free spy removal tools! Of cource they do accept donations… but, hey, probably those donations can hardly keep the project going … I don’t think they actualy allow much room for scare tactics marketing campains. And on the, reputable organizations doing research, subject… you can bet your job that Microsoft (who after all is the one to blame for all the ichy things lurking on your harddrive) did a lot of market research before taking the course of a more secure operating system (think win2k3, XP service pack 2, bundled firewall, a soon to come (probably)bundled anti-virus…). But there’ nothing to worry yet for people like you… you’ll still have a job for a few years from now: http://www.securityfocus.com/archive/1/378885/2004-10-16/2004-10-22/0 .

There needs to be a distinction made between the possibility of something happening and the probability of it actually happening. Just because something is possible doesn’t necessarily make it probably. Say for example that it is possible for a burglar to break into your house tonight. Does that necessarily make it is probably that one will rob you tonight? No, there is usually a vast difference between the possibility and the probability of something happening.

While it is possible for malware to do significant damage including identity theft, where are the studies that show actual damage has occurred in X% of the cases? Using scare tactics to sell malware detection and removal services is unethical. I would like to see some reputable organizations produce some comprehensive data on the actual danger of malware. It should not just spout percentages of systems that have malware detected or number of malware programs or traces detected but rather show some statistical data showing the actual danger to PC users in the way of how much of this stuff ends up actually damaging the user versus how much of it is just an annoyance.

This whole area is still too new to have matured in the reporting on it but let’s not all just follow in lockstep like all the emperor’s people and parrot what everybody else is saying just because everybody else is saying it and we don’t want to appear like we are the only one who might see things differently.

Malware is a danger but we need to be careful to understand just how much or how little a danger it really is.