startupware.com

Reversing the Model for Spyware Removal

Yahoo Messenger 6.0.0.1922

Filed under: Identification — July 21, 2005 @ 9:53 am

Product Review–Yahoo Messenger

Test run July 20, 2005, default settings on clean install of Windows XP Home, OEM edition. Unpatched, no service packs, antivirus, or blocking software. Hardware firewall was the only security in place.

Version tested: Listed in ‘About’ box as “Yahoo! Messenger 6.0.0.1922 and MyYahoo Module 6.0.0.600, (C)1997-2004.”

Summary: Not evil, and not adware. Not harmless, either–it’s a massive set of changes to the system. Uninstallation is massively incomplete. Utility and value are dubious.

Recommendation, Business systems: Unwarrantied product with invasive settings. Prohibit all installations. Should be removed without option as part of all standard maintenance on corporate PCs.

Recommendation, Personal systems: Advise removal–there are too many autoplays and performance hits. Yahoo mail customers are vastly better off getting their emails from the ‘MyYahoo’ service, which requires no software installation. Could be left behind on non-networked systems with only one educated user, if adequate system speed is available to counter the slowdown caused by the software.

LICENSE
=======

The license agreement was the usual bizarre set of disclaimers, not as bad as most, not as fair as it could be. There was one term that was interesting–note the absolute lack of notice when they decide to convert the service into anything else. There are no limits, no notice, and no recourse.

“13. MODIFICATIONS TO SERVICE
Yahoo! reserves the right at any time and from time to time to modify or discontinue, temporarily or permanently, the Service (or any part thereof), with or without notice. You agree that Yahoo! shall not be liable to you or to any third party for any modification, suspension or discontinuance of the Service.”

INSTALLATION
============

The installation ran smoothly. It’s the type that does the download during the install (5.37 Mb), but does calculate and display the time needed. For the test, I chose the defaults for everything. The ‘Anti-Spy’ button on the toolbar, on first press, offers to download and install, and has its own license agreement. There is a default checkbox on the Anti-Spy product that changes Yahoo! to the default search engine.

Misleading: One program install results in three entries under Add/Remove programs, for Yahoo! extras, Yahoo! Messenger, and Yahoo! Toolbar. The ‘Yahoo! Anti-Spy’ product has its own Add/Remove entry, matching the install.

Added to running files:
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe

System settings changes, according to HijackThis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

UNINSTALL
=========

All FOUR uninstall programs completed without failures or warnings.

These three settings were left behind:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com

Yahoo shortcuts were left behind, in Favorites and in Links.
In the read-only folder “C:\Program Files\Yahoo!” 221 files and 20 folders were left behind, total 12.4 Mb.

In the read-only folder “C:\Program Files\Internet Explorer\SIGNUP\Yahoo” 8 files were left behind, total 168 Kb.

REINSTALL TEST
==============

On a second installation after removal, the Yahoo Messenger install program advised me that it was already installed–was I sure that I wanted to install it anyway? My interpretation–even Yahoo’s software detects that their uninstall is incomplete.

POST-MORTEM
===========

Interesting follow-up, post-test: Yahoo sent an email message to confirm that I had activated the toolbar, and mention their use of email bugs (which they call ‘web beacons’) to confirm that I had read it. The email did NOT include any removal instructions for either the email message or the toolbar itself.

From their privacy information, linked in the email: “Web pages may contain an electronic file called a web beacon, that allows a web site to count users who have visited that page or to access certain cookies.”

The email claims that the toolbar provides these benefits, among others (not tested):
“Protect your PC with powerful anti-spy technology…”
“…Eliminate annoying pop-up ads with Pop-Up Blocker.”

From the email itself: “You may have noticed a powerful tool from Yahoo! that resides on your browser. It’s called the Yahoo! Toolbar and it was voted CNET Editors’ Choice in November 2004.
So what’s that mean for you?
It means you have more control over your web browsing experience. And since the Yahoo! Toolbar is customizable, you get quick and easy access to all the things that interest you the most…”
“…This is a service email related to your use of the Yahoo! Toolbar. Please do not respond to this email. To learn more about Yahoo!’s use of personal information, including the use of web beacons in HTML-based email, please read our Privacy Policy. Yahoo! is located at 701 First Avenue, Sunnyvale, CA 94089.”

Product Review–Hotbar

Filed under: Identification — July 21, 2005 @ 5:38 am

Test run July 21, 2005, default settings on clean install of Windows XP Home, OEM edition. Unpatched, no service packs, antivirus, or blocking software. Hardware firewall was the only security in place.

Version tested: Listed in folder names as 4.6.1.0/
‘Click here’ on main Hotbar page gave no option, but started the “Take control of email” installation, despite listing several other products.

Redirects searches to resultsmaster.com/SmartOffers

Summary: A kinder, gentler product than the last time I looked at Hotbar, circa 2003. Still doesn’t do anything useful, but no longer appears to take over the system.

Recommendation, Business systems: Remove. Serves no business purpose.

Recommendation, Personal systems: Remove. Redirects web searches.

LICENSE
=======

First license I’ve seen that regulates emotional content–‘desire’ is apparently now a legal term:

“(b) You shall receive, and desire to so receive, various products/services, marketing ads, and campaigns of third parties through the appearance of links, menus, pop-ups, and other methods on and/or in connection with the Service and the Software (all of the foregoing “Third Party Promotions”).”

INSTALLATION
============

End of first installation caused spontaneous reboot, followed by standard Windows file check of drives. Corrupted file c:\windows\system32\config\software.log. On a second reboot, no Hotbar product appeared to have been installed, although one new entry showed up in HijackThis:

Added to running files:
C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\HbSrv.exe

System settings changes, according to HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm

O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll

O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe

O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe

O4 - HKLM\..\Run: [wzalvupo] C:\WINDOWS\System32\bkteqtfq.exe

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll

O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab

UNINSTALL
=========

Misleading: Separate uninstalls for Hotbar Outlook Tools, Hotbar Web Tools, and Shopper Reports by Hotbar, all resulting from the single Outlook Tools install program. Each of these ended the uninstall process with a visit to a web page asking for feedback on the uninstallation. Reboot was required after the last of the uninstalls.

Left behind two empty read-only folders in c:\Program Files, for Hotbar and ShopperReports.

These settings were left behind:
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab

No shortcuts were left behind.
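The before/after comparison in the Yahoo! Messenger and Hotbar reviews above is easy to get wrong by eye, so here is an added Python example (mine, not part of the original reviews and not a HijackThis feature) that parses HijackThis-style log lines, reports which installer-added settings survive the vendor's own uninstall, and flags O4 autorun entries whose names look machine-generated, the shape of the `[wzalvupo] C:\WINDOWS\System32\bkteqtfq.exe` entry in the Hotbar list. The embedded log text is constructed from entries quoted in the reviews, plus one invented `R0` start-page line standing in for the clean baseline; the `RARE_BIGRAMS` list and the vowel threshold in `looks_random` are a rough heuristic of my own, not a published signature.

```python
"""Diff HijackThis-style logs and flag odd-looking autoruns (added example, not from the reviews)."""
import re

# One HijackThis entry: a section code such as R1/O2/O4, " - ", then the detail.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autorun detail: "HKLM\..\Run: [ValueName] C:\path\to\program.exe -switches"
RUN_RE = re.compile(r"^HK[LC][MU]\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(?P<exe>.+?\.exe)", re.IGNORECASE)

# Constructed sample logs. The R0 line is an invented stand-in for the clean
# baseline; the remaining lines are entries quoted in the reviews above.
BASELINE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""
YAHOO_INSTALL = BASELINE + r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\COMPAN~1\INSTALLS\cpn\ycomp5_5_7_0.dll
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"""
YAHOO_UNINSTALL = BASELINE + r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
"""
HOTBAR_INSTALL = BASELINE + r"""
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
O4 - HKLM\..\Run: [wzalvupo] C:\WINDOWS\System32\bkteqtfq.exe
"""


def parse_hjt(text):
    """Return the set of (kind, body) entries in free-form log text; prose lines are skipped."""
    found = set()
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            found.add((m.group("kind"), m.group("body").strip()))
    return found


def key_of(entry):
    """Identity used for diffing: registry (R*) lines match on the value name only,
    so a value that was rewritten rather than removed still counts as the same setting."""
    kind, body = entry
    if kind.startswith("R") and " = " in body:
        return (kind, body.split(" = ", 1)[0])
    return entry


def install_changes(baseline, post_install):
    """Entries the installer added relative to the clean baseline."""
    return parse_hjt(post_install) - parse_hjt(baseline)


def uninstall_leftovers(baseline, post_install, post_uninstall):
    """Installer-added settings that still exist after the vendor's own uninstall."""
    base_keys = {key_of(e) for e in parse_hjt(baseline)}
    added_keys = {key_of(e) for e in install_changes(baseline, post_install)} - base_keys
    return sorted(e for e in parse_hjt(post_uninstall) if key_of(e) in added_keys)


# Letter pairs that essentially never occur in English words. One hit, or a very
# low vowel share, marks a name as probably machine-generated. Rough heuristic only.
RARE_BIGRAMS = {"bk", "qt", "tq", "fq", "qf", "wz", "zw", "zx", "xz", "xq", "qx",
                "qj", "jq", "vq", "qv", "qz", "zq", "kq", "qk", "kx", "xk", "fz",
                "zf", "vz", "zv", "jz", "zj", "qg", "gq", "qd", "dq", "jx", "xj",
                "vj", "jv", "qp", "pq", "qw", "wq", "qh", "hq"}


def looks_random(word):
    """True if an all-letter name of 6+ characters looks like a random string."""
    w = word.lower()
    if not w.isalpha() or len(w) < 6:
        return False
    rare = sum(1 for a, b in zip(w, w[1:]) if a + b in RARE_BIGRAMS)
    vowel_share = sum(c in "aeiouy" for c in w) / len(w)
    return rare >= 1 or vowel_share < 0.2


def suspicious_autoruns(text):
    """O4 Run entries whose value name or executable name looks machine-generated."""
    hits = []
    for kind, body in sorted(parse_hjt(text)):
        if kind != "O4":
            continue
        m = RUN_RE.match(body)
        if not m:
            continue  # Startup-folder O4 lines have a different shape; skipped here
        cmd = m.group("cmd")
        em = EXE_RE.match(cmd)
        exe = em.group("exe") if em else cmd.split()[0]
        stem = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(m.group("name")) or looks_random(stem):
            hits.append((m.group("name"), exe))
    return hits


if __name__ == "__main__":
    for e in uninstall_leftovers(BASELINE, YAHOO_INSTALL, YAHOO_UNINSTALL):
        print("left behind:", *e)
    for name, exe in suspicious_autoruns(HOTBAR_INSTALL):
        print("odd autorun:", name, exe)
```

Matching R-lines on the value name rather than the whole line is what catches the HKCU Search Bar entry: in the review its value at install time (`ycomp/defaults/sb`) differs from the value found after uninstall (`ie/defaults/sb/ymsgr6`), so an exact-string diff would report that setting as gone. The naming heuristic is deliberately crude; it is a prompt to go look, not a verdict.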

SmileyCentral review

Filed under: Identification — July 21, 2005 @ 4:35 am

Product Review–SmileyCentral (Ask Jeeves, Inc.)

Test run July 21, 2005, default settings on clean install of Windows XP Home, OEM edition. Unpatched, no service packs, antivirus, or blocking software. Hardware firewall was the only security in place.

Version tested: No version number, but copyright date in the license is June 1, 2005. Also known as FunWebProducts.

Summary: Claims not to be adware or spyware, and I saw no indication that this is anything more than some cute buttons and icons, plus lots of settings changes relating to search functions. The apparent revenue model for the free product is that it directs your searches to AskJeeves.com, where they make money on sponsored ads.

Recommendation, Business systems: Remove–serves no business purpose, has no warranty, and may add to network traffic.

Recommendation, Personal systems: Mostly harmless.

LICENSE
=======

Under section 2, License conditions–the program phones home for updates:

“We may require the updating of the Software on your computer when we release a new version of the Software, or when we make new features available. This update may occur automatically or through other means and may occur all at once or over multiple sessions.”

INSTALLATION
============

Added to running files:
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

System settings changes, according to HijackThis:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm824YYUS

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab

UNINSTALL
=========

Listed in Add/Remove programs as “My Web Search (SmileyCentral)”. Uninstall requires reboot.

These settings were left behind:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab

Left behind read-only folder C:\Program Files\FunWebProducts, containing 2 files, 3 folders. The custom icon selected as a cursor was also left behind.

No shortcuts were left behind.

REINSTALL TEST
==============

No problems. Worked same as the first install. The second uninstall failed at reboot, with a ‘RUNDLL’ error box: “Error loading C:\PROGRA~1\UNINST~1.DLL. The specified module could not be found.” Message did not appear on subsequent reboot.

POST-MORTEM
===========

Surprise, surprise. There are so many ads for this product that I just expected the worst. But it’s clearly not that. Definitely a lightweight, and some home users may enjoy it.

From the mailbox: Cleaned by a pro–Ripoff?

Filed under: Field Reports — July 10, 2005 @ 7:58 pm

I had what was apparently a pretty bad infestation of spyware crud on my Win XP box. Aurora, Limewire, some other stuff. I couldn’t clean it out myself, gave up, and got a referral on a local tech guru.

He showed up, took one look, and said he had to take the system to the shop or I wouldn’t like the bill. I let him, and he brought it back clean two days later, with a bill for $180. Seems clean, and he added some blocking on installs, and updated my patches.

Was this pretty typical? I lost days here. Bill wasn’t bad, considering.
_________________
Joe

OK, so I’m still learning all this %$#!!

Typical? Sounds quite reasonable. Could have been much more expensive. You lost days, but saved money, because the tech didn’t attempt to clean the system in your office. If he had, he would have run a series of cleanup programs, some taking 15+ minutes to run while he attempted to look like he was doing something. For some items in the autoplays, he would have needed access to another computer to do searches for identification and for more specific removal tools that take out single programs–Aurora is one of those, that the general-purpose tools don’t take out.

Overall, it’s much easier to do this back at the shop, with reference materials handy, another PC for patch downloads, a high-speed internet connection for patch updates, and most important, the ability to walk away while the scans run, because you really do have to run multiple tools to clean up the mess. Onsite, you probably would have had to feed him lunch. Maybe dinner. Rented a room. Offsite, he could keep working on other projects, and not bill by the hour while he did other things.

You have been Updated

Filed under: Identification — July 10, 2005 @ 11:17 am

Yup, that’s what’s on screen this morning. I’ve been Updated, and there is this always-on-top message asking me to click on “Update”. Somehow or another, Viewpoint Media Player slipped past a fully-patched Win 2000 Pro setup with blocking in place on the autoplay settings. The product claims to send non-personally-identifiable information back to a server in order to run a toolbar, and online research claims that it hijacks search results. There’s no toolbar here, so I’ll guess I saw the very first message. AdAware and SpybotSD don’t identify it as a threat.

It doesn’t play fair. I can highlight the license agreement, but it won’t let me copy it. Same on a ‘Who is viewpoint?’ entry. Well, I did capture the main window as a jpg. As adware goes (if that’s all it is), it’s pretty tame. I had no trouble removing it by killing the process viewmgr.exe, running the Viewpoint uninstall, and cleaning out two related files from the temporary files folder. I’m curious how it got past my blocks.