Disclaimer:
I’ve been watching Messenger Plus!, its home forums and forums where its supporters post, for a long time, have been in dialogue with ‘Jason’ of C2Media and Patchou, and have had dialogue with or crossed swords with several members of what I call Patchou’s Posse. In fact, at one time Patchou asked that his supporters seek me out in the newsgroups (see “Update - very late on 6 October 2004” at http://inetexplorer.mvps.org/answers/45.html)
I don’t like the way the Posse has spoken to, and about, those who have problems with Messenger Plus! and/or the sponsor program. I don’t like how they head out in hordes to forums they otherwise would not visit purely for hit ‘n’ run support campaigns. I don’t like how they have called those who speak against Patchou or the Sponsor Program idiots, and n00bs, and other derogatory names, excusing their behaviour as frustration.
In short, I have a history of dealing with this program, its owner and its supporters – I have watched its improvement over time, and also believe I can claim that the pressure brought to bear by my analysis and web site had a (small?) part to play in the improvements to Messenger Plus! installation protocols since I first started analyzing, watching and reporting on MP and those around it – I even have an email from Jason at C2Media sent to me back in October 2004 wherein he said that he had taken some of my suggestions and passed them along to Patchou with his recommendation that they be implemented:
http://inetexplorer.mvps.org/answers/43.html
Ok, now we’ve got that out of the way… there’s a big kerfuffle at Neowin about Messenger Plus! and Microsoft Antispyware beta:
http://www.neowin.net/comments.php?id=29996&category=main
Let’s make something clear right from the start.
First… MSAS does not detect Messenger Plus as spyware – it detects it as a software bundler.
Second… MSAS does not “delete the spyware/adware free installed software, and [do] nothing about lop” MSAS detects and deletes lop.com (aka Swizzor Trojan) when it is installed.
Now, lets have a look at some statements on Patchou’s petition page – quotes in bold text:
“people have uninstalled Messenger Plus! because of the false detection made by Microsoft Anti-Spyware which is known to often detect more than it should on an average computer.” . There is no false detection. Messenger Plus! is detected as a software bundler, which is accurate. As for the comment ‘known to detect more than it should’… give us specifics, not throwaway comments.
“Messenger Plus! is detected whether or not the sponsor was opted for during installation, giving some users the false impression of being infected with something inexistent.” Of COURSE it is detected. It is a software bundler and is detected and reported as such.
Anybody who tries to say that MSAS detects Messenger Plus! as spyware is spreading FUD.
The recommended action is ignore. If people decide to change that setting and remove Messenger Plus! because they don’t want to use or support, a program that spreads adware, then that is their choice. If people decide to remove Messenger Plus! because they don’t want to use, or support, a program that is financially supported by C2Media, again that is their choice.
Patchou chose to bundle adware. He chose to associate with C2Media. Action begets reaction. Decisions beget consequences. It is a reality of life that we are judged not only on our actions, but according to the reputation of those we choose to associate with.
Here's a free clue for Patchou - when your supporters go out into the wild flaming detractors of Messenger Plus! or its sponsor program, they're not doing you any favours - especially when it is hit 'n' run.
Every user of MSAS has a right to be informed that Messenger Plus! is a software bundler. What they do after they receive that information is their business.
“Microsoft was contacted about this issue several times and each time, replied with a generic statement saying that Messenger Plus! was flagged properly in its database.” “This issue” is the detection of Messenger Plus! as a software bundler, not the current msgplus.exe popup toast problem, and I say fair enough. Messenger Plus! is flagged properly in the database and is correctly detected as a ‘moderate’ thread ‘software bundler’. If Patchou doesn’t want his software to be detected as a software bundler he knows what to do – stop bundling C2Media’s product, otherwise known as lop, otherwise known as swizzor Trojan, as his sponsor program. Trying to bully MS into giving him some sort of special exemption ain’t gonna work.
“That being said, here is what happened recently which really triggered the need for a petition.” Use the feedback facility like everybody else. Real problems are fixed.
“however, the program itself, msgplus.exe, is now detected immediately at system startup or whenever run manually by the user, and the following message is displayed in bold red: "Warning, Messenger Plus! Software Bundler is trying to install!". In addition to discouraging anybody in their right mind to click "Allow", this message is, to put it simply, a lie. Messenger Plus! is not a "threat" and it certainly is not trying to "install itself on your computer", it's already been installed at this point and the program is just trying to run and do what the user expects it to do. Why is that important? because the main argument of Microsoft so far against this case has been "the policy of Microsoft Anti-Spyware is to flag all installers which bundle spyware/adware as being potentially dangerous".” Once again, if you think there is a misdetection, report it using the known feedback facility.
People are being lead astray by some who are hinting that because MS won’t stop detecting Messenger Plus! as a software bundler, they also will not fix the msgplus.exe problem either. That is by no means certain.
There is a big difference between Patchou and his posse complaining that his software is detected as a software bundler, and the current issue. That is because the detection of Messenger Plus as a software bundler is AN ACCURATE REPRESENTATION OF FACT and there is no way in hell that the detection should be removed from MSAS as long as Patchou continues down the path of using a sponsor program – especially a sponsor program that changes your home page, installs a toolbar that cannot be turned off (and a second toolbar if you dare change your home page to one of your own choosing), generates pop up advertisements and sticks icons on your desktop.
I agree that the current problem (the pop-up toast detecting msgplux.exe itself as a threat) needs fixing IF, AND ONLY IF, msgplus.exe is as innocent and innocuous as described. I, for one, have seen a dialogue box appear offering to ‘repair’ Messenger Plus when damage to the program is detected, therefore I suspect that not only is msgplus.exe the program itself, and not only does it trigger the uninstall (as admitted by Patchou) but I suspect it may also trigger an installer of some type. If a different executable detects damage, triggers the repair dialogue box or triggers the repair installer, then I’m sure that Patchou can share the name of that executable.
“The problem is that it removes Messenger Plus! itself while leaving the advertisements behind.” Bullshit. If the sponsor commonly known as lop.com (which generates the advertisements) exists on the system it is also detected by MSAS. The dialogue box of which Patchou complains does not occur in isolation.
“By doing its work improperly Microsoft Anti-Spyware is responsible for thousands of advertisement related problems every day”. This figure is pulled out of thin air and Patchou has not provided any quantifiable evidence.
“If Microsoft Anti-Spyware continues to cause that many problems, the 4 years of existence of Messenger Plus! as you know it will probably come to an end and with it, all the extra features you learned to love in your Messenger.” Puhlease… over-reactionary claptrap… in fact the entire situation is over-reactionary claptrap. If Messenger Plus really does have 7 million users, and those 7 million users really do love MP as much as Patchou and his Posse say, then MP will go on regardless of MSAS.
Now let’s look at the petition itself…quotes again in bold:
“It is my opinion, based on solid evidence, that MSAS contributes to damaging thousands of computers every month because of its improper detection and removal of the Messenger Plus! software, in addition to greatly damaging the reputation of the product for no viable reason.” What “solid evidence”? There is none. Opinions are not evidence. How can any person in good conscience sign the petition when they do not have “solid evidence” that ‘thousands’ of computers are being damaged every month. There are not ‘thousands’ in the MP forums, there are not ‘thousands’ in the MSAS beta forums.
“I recognize that Messenger Plus! bundles an adware program, referred to as sponsor, which can be optionally installed during its setup. This step is clearly presented to the user and differs in no way to the step presented by other similar popular products such as the Google Bar or the MSN Toolbar.” Bullshit. The MSN Toolbar and Google Bar both pop up large, clear dialogue boxes whose only purpose is to ask for permission to install various features – the information is not hidden in an EULA or included on what is already a very busy installation window. In short, MP’s way of doing things and MSN/Google’s way of doing things are completely different. MSN and Google’s standard of notification and installation transparency are vastly superior to Messenger Plus!.
Now, let’s talk about whether Messenger Plus! can be classed as spyware. Users of Messenger Plus! may not realise that beginning with version 3.20.100 of the software, released on 19 September 2004, Messenger Plus! will send periodical 'statistics' to the msgplus server about what Messenger Plus! features you have used. The option is on by default, but can be turned off (of course, to be able to turn the option off, you have to know that it exists). During my tests, if this option is enabled when I uninstall Messenger Plus!, Messenger Plus! will phone home (reporting its removal?).
The new wizard that runs when Messenger Plus is installed, prompting the user to make decisions about various areas of Messenger Plus behaviour, does NOT prompt for permission to phone home and report on user’s activities. Therefore, yes, Messenger Plus! can, in a sense, be classed as spyware.
There is a lot at stake here for Patchou; not only does he earn a very nice income from the Sponsor Program, he also has a legal relationship (sharing a directorship) with those behind C2Media, and C2Media or those behind it also bankroll his web site (providing server, bandwidth etc). Such ‘sponsorship’ does not come cheap.
http://www.sunbiz.org/scripts/cordet.exe?a1=DETFIL&n1=P02000112500&n2=NAMFWD&n3=0000&n4=N&r1=&r2=&r3=&r4=SECURESOFTWARE&r5==
Update: Testing Messenger Plus! and MSAS
http://msmvps.com/spywaresucks/archive/2005/08/24/63918.aspx
Update: Has Patchou's Petition been invalidated?
http://msmvps.com/spywaresucks/archive/2005/08/27/64290.aspx
Update: 6 September:
http://msmvps.com/spywaresucks/archive/2005/09/06/65524.aspx