Besttoolbars Development network


 


ToolbarStudio Security Assurance


Our company, Softomate LLC (founded in 1998, Lynden, Washington) is one of the leaders of toolbar and desktop applications development (http://www.softomate.com/)

More than 12000 companies all over the world are using our platform to create their browser toolbars, such as IBM, AOL, GE, Amazon, Skype, US Government/ Military sector, etc.
Softomate created legitimate ToolbarStudio software and extensible toolbar platform code, which is 100% adware/spyware free. You may download our package from http://www.besttoolbars.net/CUST/tbstudio.setup.exe

Unfortunately several companies modify or alter our product to include behavior that could be considered as adware. In order to identify the particular toolbar created using our platform and not all the toolbars that was created please consider the following:

Each toolbar has its own unique identifier (GUID). There is info.txt file in the package that shows the GUID used to create the toolbar like:
GUID: {0C9A45D1-6DF3-4615-9353-07FB5EE9B507} Version: 4.0.2.49 Date: 21.03.2008
Please use GUID for identifying particular build.

In the past, we have contacted several anti-virus vendors directly like Mcafee, TrendMicro, AVG, LavaSoft, Avira, etc. They confirmed mis-identifications and false positives and removed identification of our platform from the databases:

Correspondence with Anti-virus vendors

Case 1    McAfee

From: Nickerson, Warren
Sent: Saturday, September 01, 2007 2:03 AM
To: Besttoolbars
Cc: Nickerson, Warren; Stepanov, Anna
Subject: McAfee "Adware-Softomate" detection

Dear Ms. Goldina:
Your recent inquires to McAfee, Inc. regarding its "Adware-Softomate"
detection of various toolbar programs have been forwarded to me. I am an Attorney for McAfee and, unless specifically notified otherwise, I will be the point of contact for future correspondence on this matter from yourself or your agents. I believe it prudent and important to provide a quick background as I answer the questions in your last email.
McAfee's "Adware-Softomate" Detection
A comprehensive explanation of how McAfee analyzes and creates it detections for programs is far too lengthy to discuss in an email. However, for the purpose of this discussion, it should be sufficient to explain that McAfee's researchers attempt to discern the origin of a program as part of the behavioral analysis process. McAfee receives numerous programs that exhibit behaviors typical of adware programs. A subset of these programs included common components and identification information showing a strong connection to, or association with, "Softomate." Therefore, a common detection name was created ("Adware-Softomate") for all programs that had these common components and information.
Softomate's Toolbar Authoring Software
The "Adware-Softomate" detection appears to affect anyone who used Softomate's toolbar authoring software. It seems the cause of the issue here is that even though Softomate's product does not directly cause advertisements to appear to end users, many of Softomate's customers have used the toolbar authoring program to create adware toolbars. And because those resulting toolbars included information and components that primarily identified Softomate as the origin of those toolbars, they were identified as "Adware-Softomate".
Going forward
Based on your inquiry and further investigation of this matter, McAfee had decided to accept that the identification information in these toolbars is likely an unintended artifact left over from Softomate's toolbar authoring program, and not the result of actions directly caused by Softomate. McAfee has begun the process of rewriting the detection drivers for the many toolbars that have used the Softomate Toolbar authoring program; updated results and log entries will take up to two weeks to complete.
To prevent these detections in the future, I recommend that Softomate revise its toolbar authoring program to ensure that its customer's toolbars are not confused with Softomate. If you have any further questions on this matter, please let me know.
Regards,
-w
_____________________________
Warren S. Nickerson
Attorney, Product Development
McAfee, Inc.
20460 NW Von Neumann Dr.
Beaverton, OR 97006-6942
503.466.4654 | Desk
503.466.9671 | Fax


 

Case 2Trend Micro
Virus Buster of Trend Micro reported the Spyware - Generic Grayware in the files :

D:\Program Files\Softomate\ToolbarStudio\bin\tabbedSearch_pluginU.dll
D:\Program Files\Softomate\ToolbarStudio\bin\tabs_pluginU.dll

We have received the following answer from Trend Micro

From:  support.trendmicro.com
To:                   Besttoolbars.net
Date:      8 Feb 2008 22:13:17 +0800
Subject:                [SR #:1-125685026] RE: False adware identification
Attachments: <none>

Hi Alex,

Here is an update for this case:
---------------------------------------------------------
The file you submitted was verified to be non-malicious.
We removed detection for GENERIC_GRAYWARE from the file(s) you submitted.
---------------------------------------------------------

Please request your customer to update his pattern file.   Then ask him to install your software again and check if there would be further detections.   Let me know the result the soonest.

Alex,
We analyzed the following files and verified to be non-malicious. This is currently not detected by Trend Micro using our latest OPR 5.609.00, and minimum scan engine 8.500 or later as follows:

update.exe (65,536 bytes)

Trend Micro DRR Team

 

Case 3

False Adware-Softomate detection - Anti-Virus program

From:                  Tobias Wahlgren
To:                   "Alex Bers"
Date:      Fri, 18 Jan 2008 12:37:06 +0100
Subject:                False Anti-virus identification

Thank you for your work in cleaning up antivirusprogram.se
 
We try to make it easier for users by helping them with different virusnames and different supplieres of AV-programs. As you proberbly know different AV-programs has different names for the same virus/malware.We try to give persons an overview of the different names for the same virus/malwrae from all the AV-programs.
 
We have removed ‘Softomate’ from our database, due to that it has clearly been removed by Mcafee etc.   

Best Regards Tobias
 


Case 4. Max Secure Software

Response from Spyware Detector Support Team 1/18/2008
Dear Alex Bers ,
We apologize for the inconvenience, we have made corrections to  the webpage " http://spywaredetector.net/spyware_encyclopedia/Adware.Softomate.htm ", and the technical team is also working on database entries , very soon the database entry will be changed to some other name instead of 'Softomate toolbar'.
Thank you for your valuable feed back.
Regards,
Max Secure Tech Support Team
www.maxpcsecure.com

 

Case 5.   Avast  - false identification

From: Michal Trs
Sent: Friday, May 16, 2008 8:54 PM
To: Alex Bers
Subject: Flase identification from Avast

Dear Alex,

thank you for attention. False positive alert will be fixed in next VPS update. We apologize for this problem.

To prevent false positive alerts in the future you can send use new version of your product after release. We add it to our cleanset. To email subject please write prevent "prevent false positive".

Best regards
Michal Trs
virus analyst- Avast

 

Case 6.   Avira – false identification  of Droppers DR/Mostofate.CR.1

From: Avira GmbH
Sent: Wednesday, May 07, 2008 4:39 PM
To: Besttoolbars
Subject: (Call #548881) Re: False positive identification

Dear Sir or Madam,
 
 
Thank you for your recent inquiry.
 
We could not find a virus in the attachment / at the url you have sent us. This is a false positive. We will take out the pattern recognition in one of our next updates.
 
We thank you for your assistance.
 
--
Freundliche Gruesse / Best regards
Avira GmbH

Fabian Henne
First Level Support

Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Internet: http://www.avira.com

Case 7. AVG -false detection

From: AVG Technical Support [mailto:support@avg.com]
Sent: Thursday, August 19, 2010 9:02 PM
To: bers@besttoolbars.net
Subject: Case AVG#0000597749: [ ref:00D4000000086fU.5004000000BqhIq:ref ]

Dear Alex,

thank you for your e-mail.

Unfortunately, the current virus database version may detect the mentioned virus on some legitimate applications. We can confirm that it is a false alarm. We would like to inform you that the false positive will be removed in the next Definitions update. Please update your AVG and if a new Definitions update was downloaded, check whether the file is still detected.

We are sorry for the inconvenience.

Best regards,

Michal Skara
AVG Customer Services

website: http://www.avg.com




Sincerely Yours,
ToolbarStudio Team



Copyright Softomate, 2011. All Rights Reserved
Terms of Service | Privacy Policy