"These people are still not telling the truth. This software has been tested several times in the last few days and has been verified as a Rogue. It is on average detecting around 300 valid registry entries as threats, then telling user they need to purchase the full program to repair these errors.Total scam on top of the deceit already admitted to. Do not try this software!"
Sean is probably referring to other sources such as the many adverse comments here, and there are certainly other people coming to the same conclusion: "CertifiedBug" reported that the software found "171 threats/corruptions" in one particular test. Isn’t that an awful lot of threats? Well, yes, and "detection" of hundreds of imaginary threats is certainly characteristic of many rogue (fake) antimalware products. To be fair to Orbasoft, though, and whether they deserve fairness or not, this doesn’t sound like the out-and-out badness we’re accustomed to encountering with blatant rogue anti-malware like Antivirus 2009. A great many reports at mywot.com and at siteadvisor.com, (which is also lavishly spammed by Orbasoft at one point, it seems) suggest that the program is actually doing something a little different. According to some of these observers, it’s flagging cookies (pretty much any cookie, by the look of it) and what it perceives to be registry corruptions, though several reports suggest that it’s flagging entirely legitimate registry keys as malicious: if this is indeed the case, then letting the Orbasoft program have its way (apparently that’s not an option in the free version, but that’s not unusual for an evaluation version of an antispyware program) is almost certainly going to result in significant damage.
Clearly, there is a problem here, irrespective of the legitimacy of the company and the application (which doesn’t seem to be a fake), whether it’s in communication or in implementation. In fact, it looks as if the app bases detection on presumed bad file hashes, registry GUIDs, and presumed suspicious paths and filenames.
The company has opened up a limited dialogue with reviewers over at SiteAdvisor, but seems reluctant to answer certain questions publicly. Let’s hope they’re prepared to look at the problems the app seems to be causing them as well as their customers, and determine whether their detection algorithms need serious overhaul.
Meanwhile, I’m interested to note a perceptible rise in other comment spam getting through our filters to the approval stage: mostly, these are comments complimenting us on the quality of our blogs (though in such general terms – generic social engineering – that it’s pretty clear to me that the spammer hasn’t actually read them) and incorporating links to meds sites or to a movie promotional site. It seems that one very high profile electronics and media company might have moved on from rootkits for Digital Rights Management to comment spam to promote underperforming movies. Way to go, guys…
David Harley BA CISSP FBCS CITP
Author David Harley, ESET