
Why does Mail.Ru develop spyware?

Everyone knows that there are programs with modest names such as “Yandex.Zaschitnik” and “Guard@Mail.Ru”. The first is not yet so drastic in how it works, but once the second is installed (usually without the user's knowledge or consent), you will either have to use only the Internet services that this application “offers” you, or spend your own resources on deactivating it.

Where are the roots of the problem?
Anyone can find out about this on the website of the aforementioned Mail.Ru.
For example, sputnik.mail.ru/partner carries offers for software hosts, vendors, software developers and so on: for a certain “share of the benefits”, they help distribute such a “convenient” user interface element as Sputnik@Mail.Ru.

This fact alone makes one wonder: if the product is so good and easy to use, why is the Mail.Ru administration so eager to reward everyone who helps the company distribute it? Can't anyone install it on their own by downloading the installer from the official Mail.Ru site? Why are such drastic measures needed?

The answer to this question is very simple: the product is not so good. Installing Sputnik@Mail.Ru also installs the Guard@Mail.Ru program on the computer. That program is installed without the user's knowledge or direct consent, “reserves” its own service, and starts automatically with the operating system.
What is the Guard@Mail.Ru program?
After my searches, I never received an official response to this question from Mail.Ru representatives. But long experience in the computer field could not stay silent. What does the Guard@Mail.Ru program actually do?

I'll explain. After installation (or during installation, depending on the version of the installer), unauthorized access to data takes place on the computer. More precisely, the main function of this program is to damage the settings of the user's Internet browsers. Specifically (this applies to at least the IE, Chrome, Firefox and Opera browsers): Mail.ru Search is set as the default search (Mail.Ru is also set as the address bar search, which cannot be fixed through the browser interface); 3 bookmarks to Mail.ru services are added; and it becomes impossible to view extensions in the Firefox browser or to remove the Mail.Ru panel from the interface of any browser. This is not a complete list of such destructive interventions (for more, see: How Guard.mail.ru works). In short, everything the “Guard@Mail.Ru + Sputnik@Mail.Ru” package does comes down to dirty advertising of Mail.Ru services and making it impossible to use alternative services from other companies. Impossible in the literal sense of the word. For example, after Guard@Mail.Ru is installed, the program removes the Yandex panel from browsers (if present), and in the IE browser, Bing search is replaced by Mail.Ru without the user's knowledge. In the latter case, all requests for a search in Bing are simply overridden with requests for a search in Mail.Ru. By the way, I wonder how Microsoft will take this when they find out.
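One way to verify the search and start-page changes described above on a Firefox profile, as an added example that is not part of the original article: it parses a profile's prefs.js and reports search-related preferences that differ from what the user chose. The preference names are those of Firefox versions of that period, and the sample file, `expected_hosts` and `expected_engines` are constructed; the article does not say which settings the program writes.

```python
import re
from urllib.parse import urlparse

# Firefox preferences of that period that control search and the start page
# (an assumption of this example; the article does not name any preference).
URL_PREFS = {"keyword.URL", "browser.startup.homepage"}
NAME_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {name: value} for each user_pref(...) line, unquoting strings."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            if len(raw) >= 2 and raw[0] == raw[-1] == '"':
                raw = raw[1:-1].replace('\\"', '"')
            prefs[name] = raw
    return prefs

def audit(text, expected_hosts, expected_engines):
    """List (pref, offending value) pairs that differ from the user's choices."""
    findings = []
    for name, value in sorted(parse_prefs(text).items()):
        if name in URL_PREFS:
            for url in value.split("|"):  # homepage may hold several URLs
                host = (urlparse(url).hostname or "").lower()
                ok = any(host == h or host.endswith("." + h) for h in expected_hosts)
                if host and not ok:
                    findings.append((name, host))
        elif name in NAME_PREFS and value not in expected_engines:
            findings.append((name, value))
    return findings

# Constructed sample prefs.js; search.example.net stands in for a forced provider.
SAMPLE = '''// Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Example Search");
user_pref("browser.search.selectedEngine", "Example Search");
user_pref("browser.startup.homepage", "http://search.example.net/?from=bar|https://www.mozilla.org/");
user_pref("keyword.URL", "http://search.example.net/q?query=");
user_pref("browser.tabs.warnOnClose", false);
'''

if __name__ == "__main__":
    for pref, value in audit(SAMPLE, {"mozilla.org"}, {"DuckDuckGo"}):
        print(f"unexpected {pref}: {value}")
```

Running the audit on a copy of prefs.js taken before and after installing bundled software shows which of these values were changed outside the browser interface.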

How is this spyware distributed?
As I wrote at the beginning of this article, in most cases Guard@Mail.Ru and Sputnik@Mail.Ru are installed on a computer without the user's direct knowledge, during the installation of other software whose distributors cooperate with Mail.Ru.

Also interesting is the case when another program, a browser from our “used by everyone” Mail.Ru with the dubious name “Internet”, tries to install itself on a computer directly from the Internet. That is, the installation proceeds without the program's installer first being downloaded to the computer and launched. Here is a screenshot of a case where the OS security mechanisms were able to interrupt the installation process.



As you can guess, the installer was downloaded to the computer's temporary files folder when a malicious script was triggered. One can only guess which of Mail.Ru's partner sites hosted this script, and what would have happened to the computer had the attack succeeded.

What are the consequences?
I’ll say right away that Guard@Mail.Ru is not so easy to defeat, and it is IMPOSSIBLE if you use only the standard Windows configuration management tools. As a result, people who do not have sufficient competence in IT and do not want to use the services of professionals, that is, most people, have to do on the Internet what Mail.Ru says. After all, none of the antivirus programs known to me take issue with Guard@Mail.Ru. (Why? That is a long story.) I, personally, regard this as a conscious and planned attack on freedom on the Internet.

Before us, ladies and gentlemen, is spyware that harms the system more than many viruses, yet Mail.Ru goes unpunished for creating and distributing it.

Source: https://habr.com/ru/post/149636/

