GoFuckYourself.com - Adult Webmaster Forum - View Single Post

Paul Markham · 10-15-2006, 11:36 AM

Quote:

Originally Posted by Missie

I didn't even read all your post I stopped after this paragraph.

That comment is totally unfounded and based on you not understanding how adware really works. Kellie has the highest reputation in this field, she has been doing this for many years and whatever she said to you was PRECISE AND EXACT.

She has to be extremely careful when she does testing so that she doesn't propagate incorrect information.

The fact that you say that she could be working for the adware comanies is LUDICROUS. I can't believe anyone would ever say that!!!!

Just try to understand what she told you rather than brush it off as too hard or too much work. I told you that testing for scumware activity was a lot more than just installing the application on your computer.

Your comment made me very angry! We try to help you as much as possible and you don't even try to understand any of it.

Missie

Then read it yourself.

Quote:

I'm going to repeat this again and try to be very clear about it. If you take an old computer, hook it up to your network to get Internet access, start loading it up with all kinds of apps to test, then you now have a HUGE security risk for your network. Now if you don't really care if your customer db gets compromised, your customer credit card info is stolen, your financial information exposed, your computers on your Network are turned into spam bots or even worse zombie boxes to launch dDOS attacks......then man go knock yourself out. It's a reality about the kinds of software you will be coming in contact with. There are some really malicious software out there. And that's not me just blowing hot air your way. Just last week I had a trojan piggyback install on a particular adware application I wanted to install. It turned the computer into a spam zombie trying to send out hundreds of spam emails from my computer over my ISP. It also trashed the LSP at the next computer reboot. Because I had my system set up correctly the trojan didn't infect itself across my network onto all my computers, I was able to kill the outgoing spam as soon as it started happening and I was able to restore my operating system and the test environment within a few minutes. I didn't have to completely reformat the hard drive, which is what would have to be done if it had installed on an unprotected testing system. There are accepted standards to setting up testing computers to provide security of system, efficiency in testing and accuracy of testing. How is educating you to that fact so you are protected saying don't bother and you might as well just join adware instead of fighting them? If I felt that way, I wouldn't have been fighting them for 5 years now, putting myself at considerable legal risks I might add.

"The other thing sponsors can do is to learn about many of the common tactics different adware use. This information can then be used to set up red flags from your own back-end systems. There are times that bad behavior can be picked up from information within your own stats and logs."

That's saying don't bother and just join the adware companies how?? Is it a magic catch all solution? No, because again unfortunately there ISN'T a magic catch all solution. And that's from years of very knowledgeable programmers and security firms looking for ways to combat this crap. But it is a more global approach and a more proactive approach. There are numerous things that will show in your traffic and stat logs which can be used to flag you to bad behavior. Ping Ben from MoreNiche on this one. I've assisted them along these lines.

GUID and time stamp your cookies and you'll catch a lot of the crap right there. Not all of it, but a lot of it. Talk about that technique publicly and everyone who is already using it will lose the benefit of the techniques because adware folks will rapidly adapt to the detection measure. It's being used quite effectively by some major players in mainstream affiliate marketing. But you will NEVER hear me talk about it publicly for some very good damn reasons. Do you honestly think the adware folks don't go to great lengths to avoid detection? Do you think they don't monitor public forums where they are being discussed? Even if the folks over at GFY are able to come up with some brilliant solution that no one else who have been researching, educating and working towards the solutions full time for years has been able to....it will be a moot point posted in such a visible public area. The adware folks will just program around the protective measure. Good Lord, these guys constantly get around detection for such major companies as Norton's and McAfee. It's a constant on going battle. Here's just 2 facts to emphasize the point. Zango already has programming built into it which can circumvent the time stamp protection. It's just not being used right now, because they feel there isn't a need to. But it's there....I SEE it every time they do a pop up. Wow...maybe I actually KNOW that because I've set up my testing environment correctly????? And if they ever DO implement it, I'll know it and I'll also know how they are exactly doing it. And then folks who do really care about the issues can find a solution to counter them. And then we can pass that information on PRIVATELY to merchants and sponsors. Second example...remember M$ Service Pack 2 that was supposed to end the problem of unwanted adware/spyware installations? I was seeing programming in adware a YEAR before SP2 was even release to detect SP2 systems and install around it. Point me to one source that documents a significant decline in adware installs since SP2 has been released.

If the fact that I prefer to deal in the realities of what the adware companies will do and how they *really* operate and generate revenue...the actual facts, somehow translates for you into I take the stance of just don't bother or you might as well just join them...then whatever.

My ethics dictate that I give merchants/sponsors accurate information and don't lead them down some fantasy path. That they have solid data on which they can make sound business decisions. I don't operate by posting knee jerk reactions with a minimal of facts on the situation on public forums. And I certainly would not have dedicated myself to researching full time EXACTLY HOW adware companies and affiliates are screwing over the affiliate marketing industry as a whole if my impetus wasn't assisting both merchants/sponsors and affiliates in protecting the revenue that is rightfully theirs. Personally I feel that all these idiots who are engaging in these practices should be behind bars. Unfortunately, that's not the case. What adware companies have done and are doing to ecommerce and online marketing goes will beyond just one sponsor/merchant or affiliate.

I first tested Zango in Dec 2003 and documented inappropriate affiliate link usage, reporting on my findings on the largest mainstream affiliate marketing forum. I tested them for 2-3 weeks learning EXACTLY how their software operated. I knew EXACTLY who the affiliate IDs belonged to when I reported. IOW, I had solid, well researched, accurate information to report to the community when I posted. I've been testing them ever since. I had documentation that could stand up in court to back all statements I made (and that is NOT just a video). I had tested numerous other adware applications before I even looked at Zango. I've paid out of my own pocket for an attorney to do a 2 hour affiliate marketing internet radio show discussing all the possible legal options available to merchants (sponsors) and affiliates where adware is concerned. That one cost me $1k with no direct benefit to me any way whatsoever. But maybe if I just posted informed BS on a forum, then I would then be truly committed to the issues?

What I did say and do is give you some free consulting. You're welcome. What you do with the information is your choice. Just don't give yourself a bigger problem or get yourself burned because you have good intentions but have misinformation or only a limited understanding the issues.

Kellie

Maybe I'm easily scared. She did not offer to do it for me for a fee. Or anyone else. As an "Expert" (my term) I think it would be a good idea for her to do this.