Trend and Hijackthis.

[Humpty]

HijackThis is now spyware?

 

Merijn, the creator of HijackThis? recently sold the popular application used to remove malware to Trend Micro?. In addition to improvements like support for Windows Vista?, they?ve added a deceptively titled ?AnalyzeThis? button. While the average user likely thinks the AnalyzeThis button provides helpful information for diagnosing their log, it?s main purpose is to send the HJT log data to Trend Micro. Unfortunately, unless you carefully read the Trend Micro End User License Agreement, you would probably never know that the AnalyzeThis button submits the data from your HijackThis log to Trend Micro for use by them and their partners.

 

Trend Micro?s version 2.0.2 of HijackThis is currently supported by TomCoyote in the forums. The Vista support and other improvements make it a necessary tool in some instances, and there are frankly few other good alternatives (although some are in development). Unless version 2.0.2 is requested or required by a Vista installation, we recommend the continued use of HJT version 1.99.1.

Article

[unsober]

sigh... that's just great

 

thank you very much for posting this, i would of never known

i'll be sure not to press that button

[Andavari]

How is that not surprising.

[fireryone]

Yeah, Iv'e used the button but it doesn't provide much in the way of useful results,

The most I could get out of it was a comparison of my log to others (eg % of users with the same entry's)

[Andavari]

Yeah, Iv'e used the button but it doesn't provide much in the way of useful results,

The most I could get out of it was a comparison of my log to others (eg % of users with the same entry's)

I had used it once before this info posted by Humpty was known and I noticed it being of no use really. Even the Trend Secure website states that usually a person analyzes the logs, or at least it used to - I haven't checked to see if they've changed anything.

[Sockdown]

I never used that button, cause to me, it felt suspicious. I don't know, maybe I'm paranoid about certain features in products lol.

[Matt_]

Spyware is not to be confused with malware...

 

I seriously doubt the notion that TrendSecure is selling information they collect with user logs to third-party advertisers.

[fredvries]

I am confident that Trend Micro only added the AnalyseThis button to assist users. Naturally they hope that new infections will be reported back to them because they can add this to their databases. But spyware? No, I don't think so.

[LUSHER]

Come on guys. I know you hate big corporate Trend and you think the antispyware at TomCoyote are saints, but this time they are wrong.

 

Okay, so when you upload something to Trend it gives you %tages of how common it is, which might be useless. Okay say I grant you that.

 

How does that make Trend Spyware? The button is clearly labelled that it will upload it to Trendsecure. And it only does that if you press the button. How is this "Deceptive"?

 

Besides how is this spyware? Similarly some antiviruses have features where you can choose to upload suspicious files to the vendors for checking but only if you click the button, so that's spyware too?

 

Come on guys, Think! Resist spreading FUD.

[Anthony A]

There was thread about the new version of Hijackthis and in that thread it was said the there was no reason to keep the older version because the new one had many improvements. Now what?

 

http://forum.piriform.com/index.php?showto...t=0&start=0

[LUSHER]

There was thread about the new version of Hijackthis and in that thread it was said the there was no reason to keep the older version because the new one had many improvements. Now what?

 

http://forum.piriform.com/index.php?showto...t=0&start=0

 

This thread changes nothing. Hijackthis is not spyware. Pretty much everyone who is anyone has agreed that the blog content is wrong.

 

JeanInMontana MSMVP and noted figure in antispyware circles summarised the reactions to this silly accusation at

 

http://blog.malwareteks.com/?p=133

 

"IMO calling it spyware is stretching the definition of what that word means to most of the community. There are several other reputable programs that have some sort of upload function. Some are for false positive reporting, others for submitting possible malicious files. What Trend Micro has done is really no different.

 

The thing doesn’t work or didn’t when I tried it. It did nothing. I could get behind addressing that issue.

 

I think it could be detrimental in the hands of a inexperienced person, but so can the older versions. HiJack This! has always been a tool if used improperly there is/was chance of disaster.

 

I have actually used it since it was still in beta at Malwarebytes. Marcin instructs users to install and scan with it to remove the 022 lines not shown in older versions. I found no problems.

 

There is a ruckus amongst the forums and most comments I’ve seen are opposing Blair’s opinion.

 

http://www.castlecops.com/postlite196457-.html

 

http://www.dslreports.com/foru.....ould-it-be"

 

Others include dgosling , Security MSMVP and staff member at TomCoyotes among others says

 

"I am also a member of the staff at TomCoyote and believe that this article does not represent the opinion of the staff at Tom Coyote but of one person - the author.

 

It also seems to me that the user is given a choice of whether to upload their log or not just because they have to click on the button 'Analyze This' to do so.

 

I also would like to point out that the text on the "Analyze This" button changes to "Send Log to Trend Micro" after the log is sent. This might be argued as being a little late for notification of the user, but as far as I'm concerned the average user would know they were uploading their log to Trend."

 

There are many more who use their brains instead of blindly jumping onto the bandwagon. who think this accusation of spyware is insane.

[Tunerz]

If the 2.0.2 access the net when the AnalyzeThis button is pressed, shouldn't the firewall give probably 2 alerts, one is HJT hooking to the browser and the other one HJT connecting to the net? In that way we may have chances to see if the article is just made by a wacko.

[Andavari]

What fredvries already stated I'll take and accept as it makes perfect sense! So why stretch this "news" out any further?

I am confident that Trend Micro only added the AnalyseThis button to assist users. Naturally they hope that new infections will be reported back to them because they can add this to their databases. But spyware? No, I don't think so.

[LUSHER]

If the 2.0.2 access the net when the AnalyzeThis button is pressed, shouldn't the firewall give probably 2 alerts, one is HJT hooking to the browser and the other one HJT connecting to the net? In that way we may have chances to see if the article is just made by a wacko.

 

Definitely wacko. I spoke to several big names and they all agreed .

[BrownSugar]

I was going to mention that you could always unplug your connection from the net (either from your computer or your router), or just deny access to Trend Micro through your firewall settings. However, I just opened Hijackthis to have another look, and in my version it clearly states under the "Analyze This" button that you're uploading your results to Trend Micro, so how is this spyware?

 

I've seen many authorized forums where people c&p their Hijackthis logs for further analysis, or then run other removal tool and subsequently post those logs, and unknowingly copy very personal information that's in their registry. I think that's a much more important warning to issue than that discussed in the above article. In m opinion, there's no problem with the new version of Hijackthis. If you have questions about your log, post it to Castle Cops or another forum, but scan it first for personal info (or even rename directories that may be unique to your computer).