We’re happy to report that the current versions of SpywareBlaster (4.2) and EULAlyzer (2.0) have been fully tested with the final version of Windows 7, 32-bit & 64-bit.

They both passed our suite of compatibility tests, and we’re not aware of any issues. For those running Windows 7: just install and enjoy!

We’re happy to announce the release of SpywareBlaster 4.2.

Prevent the installation of spyware, adware, browser hijackers, malware, and other potentially unwanted software with SpywareBlaster’s multi-layered protection.

SpywareBlaster can help keep your system secure, without interfering with the “good side” of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.

More information and free download are here:
http://www.javacoolsoftware.com/spywareblaster.html

Detailed release notes follow after the break. › Continue reading

This weekend, the CLSID List (now hosted over at SystemLookup) surpassed 60,000 entries.

The CLSID List was originally started by Tony Klein as the BHO List, to catalog good and bad Internet Explorer Browser Helper Objects (BHOs). Over the years and across many different homes, it has expanded in scope to cover Toolbars, URLSearchHooks, and Explorer Bars, and has cemented its place as a truly invaluable resource to the online anti-malware community.

(Have you ever asked for malware-removal help at one of the many different HijackThis Log analysis forums? Your helper(s) likely used the list to help you out.)

A huge congratulations goes out to Tony Klein, miekiemoes, and all of the other contributors (and everyone who has submitted unknown items for investigation) for passing 60k!

For better or for worse, EULAs (those licenses with which you often have to agree to install software) are here to stay.

But the ways installers display them to the user differ wildly. Since part of the purpose behind our EULAlyzer program is to help keep users informed about what they’re agreeing to, we thought we’d take a look at some less-than-ideal examples to highlight where they may have gone wrong.

.Net Framework EULA

Today’s example: Microsoft’s .NET Framework 3.5 SP1 Setup.

It seems fairly obvious that someone wanted to cram a lot of options and information on a single screen, which is fine. But one of the sacrifices that forced was the almost comically small box in which the EULA is displayed.

The text above the EULA says in part (emphasis added):

Be sure to carefully read and understand all the rights and restrictions described in the license terms.

Yet doing so requires scrolling the EULA display quite a bit. And the “Page Down” key (mentioned below the EULA) is hardly any more useful than the “down” arrow key, due to the tiny size of the box.

Some of the major problems:

• The EULA display box is small. Really small.
• The EULA uses rich text formatting and large fonts which, while nice for the printed page, cause the EULA to look out of place and require more scrolling than would otherwise be necessary.
• There is extra space at the top of the EULA. With everything else taken into account, this prevents even the first line from fully being displayed.

To Microsoft’s credit, a “Print” button is provided. This is extremely useful, but shouldn’t practically be a requirement to read the EULA with any ease.

Click for full size

Earlier today, Google experienced a rather significant glitch: All search results showed the “This site may harm your computer.” warning.

Normally this warning does a decent job of highlighting common, major sources of malware (and other unwanted things). Google reasonably disables potentially harmful links, and redirects to an intermediary page that (a) provides more information, and (b) requires you to copy + paste the address if you want to continue. It’s not perfect, but it’s another decent layer. So normally: if you see this warning you should pay attention.

For quite some time this morning, though, Google search was basically broken. The warning mistakenly showed up for all sites – which disabled clicking through to search results, cached copies of the pages, and essentially all of the usefulness of the search.

Google has since fixed the problem, but a screenshot is provided above for posterity.

UPDATE: It seems there is a lot of confusion about this on the Internet. To clarify:

The glitch was not caused by an infection on your computer. The problem was on Google’s end, and affected (seemingly) everyone.

If you are still seeing search results pages with all of the links marked as potentially harmful, try clearing your browser’s cache and refreshing the page.

We’re happy to announce the release of EULAlyzer 2.0.

Many bad or potentially unwanted pieces of software like to bury what they plan on doing in their license agreements. And, truth be told, most people simply don’t take the time to fully read the license agreements for programs they install. So the bad guys get away with it, and most people have no idea what they might be agreeing to.

EULAlyzer helps you instantly analyze license agreements (EULAs), to determine the risks that software might pose. Advertising? Data collection? Hidden installation of third-party software? EULAlyzer breaks down long license agreements into easy-to-parse points of interest, instantly, to help you quickly zero in on potentially riskier behavior.

And it’s not just limited to license agreements either – use it analyze web site terms and privacy policies too, or any other text you come across.

The new EULAlyzer 2.0 is compatible with Windows 2000, XP, 2003 and Vista.

More information and free download are here:
http://www.javacoolsoftware.com/eulalyzer.html

Release notes follow after the break. › Continue reading

As you may have heard, CastleCops.com closed down on December 23.

Attempts to visit any page on the site are redirect to a brief message:

You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created.

Some people may not know how tirelessly Paul, Robin (his wife), and numerous volunteers worked on the site, for the benefit of the Internet community. They provided invaluable resources, help, and (in recent years) tools to take up the fight against phishers and the other scum of the Internet. And for everything it was, it was a success.

So while it’s a sad to see such a great resource go down, I’m grateful for everything they were able to accomplish. The Internet is a better place today because of CastleCops, and those who helped make it what it was.

I am happy, however, to note that not all of the resources that CastleCops provided have been lost to the ether.

A few months ago, we offered assistance to Tony Klein and all of the other “malware list” creators, editors and maintainers should it be needed. The fruits of that labor are SystemLookup.com, the new home for the malware lists formerly hosted on CastleCops. Everything is there – the CLSID list, Startups, and the O9, O10, O16, O18, O20, O21, O22, O23 lists. We’ve even added some new lists (ShellExecuteHooks), with more likely to arrive soon. All of the lists are maintained around the clock by a top-notch team of some of the best in the Internet community.

In addition, many others who worked tirelessly to contribute to CastleCops have continued their missions on other sites and forums. A fitting tribute, perhaps, that even if CastleCops has not lasted to fight the scum of the Internet, those who it helped inspire may.

Microsoft has released a patch to fix a critical flaw in Internet Explorer.

This flaw is being actively exploited to compromise machines and install malware/spyware/rogue programs, so please run Windows Update and download the update immediately. Even if you don’t use IE for the majority of your browsing, other programs may use its underlying engine to display content.

Mozilla just released updates for Firefox 2.0 and 3.0 as well, to fix its own set of security issues. Be sure to run “Help” > “Check for Updates” in Firefox to update to the latest version.

Also please note: Firefox 2.0.0.19 is the last security update that will be released for Firefox 2.x. If your system supports it, you should upgrade to Firefox 3 as soon as possible.

Keeping your browser of choice up-to-date is imperative. It’s your first line of defense against the bad side of the web.

A fake, rogue anti-malware product, going under the name “SpywareGuard 2008″, is making the rounds.

This program is not, in any way, associated with Javacool Software or our legitimate SpywareGuard product. Rather, “SpywareGuard 2008″ is yet another rogue anti-malware utility trying to bank off of the name of a good program.

Legitimate download links for the real SpywareGuard are always available on our site.

The latest SpywareBlaster database update protects against the fake SpywareGuard2008, as well as thousands of other rogue and potentially unwanted programs.

Result of a Redirect: Antivirus 2009 Fake Scan Page

Recently, we’ve come across a number of legitimate sites that have been hacked to redirect to various rogue anti-malware “scan” sites (including Antivirus2009).

The hack involves a twist. Visiting the sites directly (i.e. via a bookmark or manually entering the address) results in no redirect and, often, no signs of the hack. The malicious redirect only occurs when a user arrives at the site via search engine results.

This clever tactic serves to effectively delay any fixes. Site owners’ visiting their site directly won’t see any evidence of the redirect. But since many sites receive a majority of their traffic from search engines, that large majority of users will keep getting redirected to the malicious site.

The root cause of many of these hacks is › Continue reading