Merijn, the creator of HijackThis recently sold the popular application used to remove malware to Trend Micro. In addition to improvements like support for Windows Vista, they’ve added a deceptively titled “AnalyzeThis” button. While the average user likely thinks the AnalyzeThis button provides helpful information for diagnosing their log, it’s main purpose is to send the HJT log data to Trend Micro. Unfortunately, unless you carefully read the Trend Micro End User License Agreement, you would probably never know that the AnalyzeThis button submits the data from your HijackThis log to Trend Micro for use by them and their partners.
The Anti-Spware Coalition defines spyware as the following:
Spyware: The term Spyware has been used in two ways.
In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user.
In its broader sense, Spyware is used as a synonym for what the ASC calls ?Spyware (and Other Potentially Unwanted Technologies).?:
Technologies deployed without appropriate user consent and/or implemented in ways that impair control over.
- Material changes that affect their user experience, privacy, or system security;
- Use of their system resources, including what programs are installed on their computers; and/or
- Collection, use, and distribution of their personal or other sensitive information.
This is HijackThis version 2.0.2 (the latest version) after scanning your system.
#3 is the new AnalyzeThis button:
Clicking AnalyzeThis will redirect to this page:
No where on the AnalyzeThis landing page does it inform that your HJT log data was just to be transferred to Trend Micro, or provide the option to opt-out of data submission. The only clue is a link titled, “stats on your log file entries”. Which contains mostly useless information on the popularity of your entries. Would you have any idea that HJT log data had just been transferred to Trend Micro?
What about Trend’s Quick Start Guide? No, just this:
3. Once the scan is complete, click the AnalyzeThis button. A web page will open containing helpful information regarding HijackThis.
Maybe the Frequently Asked Questions? No help, not even a mention of AnalyzeThis.
Excerpt from Trend Micro End User License Agreement :
5. REPORTS AND PRIVACY. At any time during the term of this Agreement, You may
choose to send to Trend Micro a report of log files that may include personal information
that the Software scanned on Your computer. By accepting this Agreement, You hereby
give Your consent to Trend Micro to process log file data provided by You (“Information”)
in connection with this Agreement; processing may include collection, registration,
storage, modification or disclosure of such Information to third parties. As a condition to
using the Software and by accepting this Agreement, You ensure, represent and warrant
that You are legally permitted to provide Trend Micro with access to the Information and
You also give Your consent to Trend Micro to transfer or store the Information in one or
more of its group companies, located in and/or outside the country where You are
located, and/or in jurisdictions which may have a lower level of protection of Information
than is applicable in the country where You are located or where pr
ivacy laws may not be as stringent as those in Your own country.
WhatTheTech (formerly TomCoyote) is no stranger to HijackThis. Our Quick Start Guide was included in version 1.99.1:
Trend Micro’s version 2.0.2 of HijackThis is currently supported by WhatTheTech in the forums. The Vista support and other improvements make it a necessary tool in some instances, and there are frankly few other good alternatives (although some are in development). Unless version 2.0.2 is requested or required by a Vista installation, we recommend the continued use of HJT version 1.99.1.
While technically the license agreement does address the data collection, we encourage you to contact Trend, and encourage them to stop the deceptive behavior with HijackThis. Due to the nature of the software, they should be extra careful to disclose any privacy concerns. Transparency is the issue. There should also be a clear warning when any data is about to be transferred, and an option to opt-out of all data submission.
25 Responses
HijackThis is now spyware? | Spyware News and Information
July 30th, 2007 at 3:37 pm
1[…] Original post by Blair […]
MalwareTeks Blog : HijackThis is now spyware?
July 30th, 2007 at 7:11 pm
2[…] from TomCoyote.org Merijn, the creator of HijackThis ™ recently sold the popular application used to remove malware […]
Almander Slokum
July 31st, 2007 at 8:38 am
3Humm well the run was good while it lasted. I knew that the good programs would subcome
to the reality of todays world…
MONEY !!
It seems people will do whatever it takes. There should be somethings that are not touched, somethings that don’t move, somethings that change very little over time. For a point of reference and a way to define an age. So that family’s can go onto the Internet and be able to see and do things together without having to re-make the wheel to do so.
Business is business, and business is defined by its ability to generate wealth and prosperity
for one or more than one. Its sad really. That we would have to come to this.
I bid a fond farewell to the makers of this great program. I hope that they have a contract thats iron clad as to how their product is to be used so that there own since of honor and the right is wrong is justified.
If the creators have sold “all rights” to their creation then they have nothing to say as to how their creation will be used in the coming age…if thats the case..I hope everything turns out like you wanted it to become. and remember
“1 programmer can make a differance in the world. Just stand up and stand for something and never back down till it is the way you want it”
Well thats my “2 cents”
Almander Slokum
kurt wismer
July 31st, 2007 at 10:18 am
4so i think i’m going to point out the elephant in the room…
the analyze this button has the words “upload to trendsecure” right underneath…
it seems to me that that fairly clearly discloses the fact that it’s going to send your log to trend…
coachwife6
August 2nd, 2007 at 9:04 pm
5This is just sad.
spambuster
August 3rd, 2007 at 10:20 am
6Merijn and HijackThis? were trusted names to me going back maybe as far as when Steve Gibson began cranking out tight code. It’s a shame that corporations think so little of their reputations that they bury and obfuscate critical admissions of data mining and other machiavellian activities deep in the TOS agreement. If they didn’t think what they’re doing is highly questionable, they’d be upfront. The “Upload to Trendsecure” direction is NOT clear enough and intentionally misleading (trendSECURE), especially since QuickStart instructions simply say it’s STEP 3. While it’s wrong to assume, I’ll bet many assume that means “okay, their computer is simply going to scan my log and produce something helpful” rather than “OHMIGAWD, I’m handing over a personal data log to be dissected by 3rd party advertising shills.” Shameful.
Phasers
August 4th, 2007 at 2:16 am
7This just goes to prove that when it comes to Big Business and Money they would Steal the Eyes right outta your head to try and sell them back to you. There is No End to the Lowness most Companys will go to just to get our hard earned dollars.
oledawg
August 4th, 2007 at 2:19 am
8Ask any lawyer how risky it is to trust someone you have never met or even talked to on the telephone.
Worse, when you are asked to sign a boilerplate ‘agreement’, it is as if you are a willing victim waiting for the accident that will surely happen, and when it does, guess who comes out on the short end?
The trend of ‘sharing information’ by stealth is increasingly intrusive and should be vigorously resisted.
If you had a pedophile or an junkie living next door and he had a key to your house, how would you protect your family when you were away?
The police would tell you to wait until they committed a crime, then they would do something about it.
We are now at that point and until there are laws to protect our computer privacy, we are more vulnerable than having a malicious slanderer on a mission to destroy our livelihood and reputation.
As a citizen, I have the same frustrations with politics, where too many in Congress are more interested in being reelected and in doing so, pander to those who use political donations and bribes to corrupt.
In turn, politicians are beholden to the corruptors and use their position of power to subvert the law-making process instead of exercising their oath to serve their constituents who voted them into office.
By default, it is up to each individual to learn how to protect himself from intrusion.
With the help of those who willingly serve, such as those at websites such as this, we can in turn assist our families and friends to resist unethical and potentially harmful intrusions.
jgschellinger
August 5th, 2007 at 11:29 am
9DOH!!! Just when I thought Homer had taught me all I could possibly know about computer’s and the internet; where are the doughnuts? Why you……….
Runscanner
August 7th, 2007 at 3:41 pm
10Time for something better 🙂
ruthandtroy
August 12th, 2007 at 5:37 pm
11I agree with Kurt, right underneath it has the “upload to TrendSecure”… I think Trend Micro are a fantastic internet security company, definitely one of the better (note: not best) “paid” anti-virus products on the market… Good on them for realising the worth of this valuable tool. Okay, so maybe they could have gone about it in a slightly better way, but let’s wait and see if they learn from their mistakes with the next revision released.
HumanFemale
August 31st, 2007 at 8:13 am
12No one is denying it isn’t a good program, it’s what they do with the info on your computer that is questionable.
ProEd
August 31st, 2007 at 8:10 pm
13I first learned of, and received assistance from, Geeks To Go in 2005. My 1st encounter w/ you wonderful folks started w/ posting an HJT log. I have assumed since that time that HJT software was a GTG creation, specific to this website. From what I read above it appears I was mistaken. Is there a page on a GTG forum page where I can read more about this topic? Seems us pilgrims (non-Geeks) need to learn more about the the process and information we’re sending to GTG. Or am I reading this article incorrectly?
Happy trails…. ProEd
ben linus
October 23rd, 2007 at 9:41 am
14So as post #2 pointed out, it is plainly obvious that results can be uploaded. It is entirely optional. Some people go up in arms over such trivial things.
Seanmeister
November 20th, 2007 at 9:40 am
15That’s why I archive and keep handy old versions of stuff like
Hijackthis 1.99 ….me thinks oldversion.com has it, if not Im sure you can find it somewhere.
Funny thing is we wouldnt this or any other viri detection if Mhikroshoft would plug the holes in the OS like they should but instead ( and its only a rumor but…) they leave doors open and let 3rd parties fill them with anti-viri programs that the anti viri program writers have written. Perfect scheme eh?
I mean honestly – In 1969 we put a man on the moon with vaccum tube technology but in 2007 we cant make an OS thats impervious to your typical 8th grader with a little VBS and c++ training…. yeah right whatever… Im buying a MAC (( I never thought Id say that screeb, but Im doing it , Im tired of it all.) )
FG
November 30th, 2007 at 6:11 am
16Doesnt matter to me , The old versions I have saved to disc over the years will work fine for me in xp. beings I will never have to worry about vista . They are how ever not painting the line clearly enough and using the majority of internet users ignorance of the pc against them which is as bad as malware named windows update etc…
Homercidal
December 11th, 2007 at 12:06 pm
17Uh, it says “upload” right under the button. Anyone with enough brains (or guts) to use HJT without worrying about screwing up their settings is going to know what “upload” is. Personally, I mention HJT to clients and always recommend they have a knowledgeable person use it for them if they do think that messing with the registry is within their capabilities.
Perhaps Trendsecure could be using this information to help make their software better? How many times have we seen HJT logs posted online for all the world to see, and yet how can this be better than giving to a professional? How can they be making money over this??
Someones around here need to kick back, sip a homebrew, gaze out the window at the lovely winter landscape and reflect on the wonders of nature. IMO.
Keith
December 25th, 2007 at 10:43 pm
18Really, if they wanted to see the logs of people, the logs are constantly being posted on different sites to be analyzed for help. As a business person, someone with tech experience, and as a programmer, I see no way they can profit directly from this, other than to gather technical data to improve their products. Really, if people are that concerned about someone else learning about websites they have visited, maybe these sites are something they shouldn’t be visiting to begin with? Just something to ponder. If it embarrasses you for someone else to find out about it, then don’t do it to start with.
Merry Christmas, and God Bless!
Old Tabby
December 29th, 2007 at 2:52 pm
19Keith makes a good point!
It may not have been the author’s *original* intention for HJT logs to be posted all over the web but he certainly knew it was happening & he then developed the program to make the logs as useful as possible. Presumably he tried to do this without compromising the user’s security which, BTW, was already compromised by whatever nasty they had allowed to be installed!
However, there’s still a con here! What, if anything, does TrendMicro do with the logs?!?!?!
Other than an expert cleaning a system, anyone running HJT is NOT an expert & is looking for help. An “AnalyzeThis” button *implies* this is how you get help.
But is it?!?!
I doubt it!
The referenced page tells you to post the log to a forum for help & then come back to buy TrendMicro products to protect your system after it’s cleaned. So what the heck is the point of having users upload log files?!?!
Anthony19
March 14th, 2008 at 12:00 pm
20I Have to back you 100% there ” old tabby ”
Well said….
Jacob
April 16th, 2008 at 9:13 pm
21To be perfectly honest, and blunt, anybody who doesn’t realize that ‘Upload’ means that something is going from your computer to the internet, isn’t fit for computers. Put down the mouse, and pick up a typewriter. Or at least keep off the internet.
S
August 30th, 2008 at 10:13 am
22Well this explains why trend micro’s anti-virus missed 100’s of spyware and viruses on a friends pc, because trend micro is evil and they came to steal your info!
Nick
October 9th, 2008 at 1:31 pm
23I’d have to agree with Kurt and Jacob, upload means sending data anyone who doesn’t understand that shouldn’t be using hijack this anyway.
jerryc
November 11th, 2008 at 7:41 pm
24hehe
It’s a darn good program for exposing malware. Who cares if Trend sees my files, all they have to do is google my name and they’ll have all my files. Post #2 was apropos.
Savinar
July 5th, 2011 at 9:50 pm
25Spywares and viruses are always a pain in the neck, they just ruined my brand new laptop…
Tech Questions?
Categories
Links
Expert Zone
Support Forums
All trademarks and copyrights on this page are owned by their respective owners.
What the Tech is powered by WordPress - © Geeks to Go, Inc. - All Rights Reserved - Privacy Policy