Netbus Freed Of More Shackles...

The home team has scored again, 2 point shot this time. Both Symantec and Panda Software have given in to pressure and have removed Netbus Pro from their respective Anti-Virus products. This has been tested and confirmed in Panda Anti-Virus Platinum, Norton Anti-Virus 2000 and NAV Corp edition 7.0 with the latest updates.

This is a major coupe for Netbus since Symantec, one of the big names in Anti-Virus, has been a major blockage in the general acceptance of Netbus Pro as a serious tool for remote administration. Their change in attitude is a surprise since at one point they wouldn't even return UltraAcces.net's (the makers of Netbus Pro) phone calls. Since the beginning it has been an up-hill battle to remove Netbus from erroneous Anti-Virus detection. These 2 companies, added to NAI limiting detection to thier command line version and Webtrends changing thier listing to 'Remote Admin Tool', voice the opinion that Netbus Pro is no longer an 'Evil Hacker Tool' and is finally being looked at it for what it is.

NetBus Pro was released on 02.19.99 and was immediately added to most Anti-Virus vendors detection list based upon an inaccurate advisory issued by the ISS on the same date. In this advisory, ISS states that NetBus Pro is "infectious", when in actuality, it is not. (View the advisory at http://xforce.iss.net/alerts/advise20.php)

When one looks at the case of Netbus Pro versus the Anti-Virus industry, you can see how petty and blind these companies have been. The original Netbus (Ver 1.X) was definatly meant as a trojan for malicious purposes. However, there was merit in the work, a small, cheap remote administration product can be a very useful tool. The technology was sold to UltraAcces.net and was re-written into NetBus Pro (ver 2.X). This was marketed as a remote administration tool and it was packaged as such. The 'Stealth' feature could only be turned on with local access to the system otherwise a tray icon would be present, removing the possibility of receiving the server via E-Mail and not knowing it was there. (Check http://www.ultraaccess.net/html/faq.html for yourself) This change in programming meant that it behaved like most other 'legitimate' remote administration software. The only thing that Netbus Pro can be blamed for is having a name with a negative history, but in the words of the immortal bard. "A rose by any other name would smell as sweet". If the detection of Netbus pro was based entirely on the name (as it seems to be), then how stupid and simple can they be. Let the the programs actions speak for themselves.

The reason for listing Netbus Pro seems to be becoming more and more prevalent and it seems to be two fold. It has been proven that the Anti-Virus industry just follow one another based upon customer demand. When one person adds something to their detection list, the others follow, even if it has no valid reason to be there, especially if a large client wants it there. Check out http://www.hackernews.com/bufferoverflow/99/avscanning.html and you will see, as with the example of l0phtcrack, that you can see the effect a single large company can have on the industry as a whole.

The second reason that Netbus seems to have been listed is that many of the Anti-Virus vendors have their own interests at heart. Look at the two major names in Anti-Virus (Symantec and NAI) and their product lines. You will notice that they have their own 'Remote Administration' products for sale at a significantly higher price than Netbus. I wonder if these large corporations can be trusted to keep their objectivity? Apparently not.

Personally I find this points to an un-acceptable situation where one company can make a decision that can literally make or break a product, and since it is replicated by other companies, it is VERY difficult to reverse. These companies decisions can reach even deeper than to the program makers, it can also affect the end-user in negative ways.

Anyone who has followed my site over the last few months has heard of the case I've championed of the New Zealand hospital vs Netbus Pro where 2 gentleman were dismissed from their jobs at a New Zealand Hospital IT department for testing Netbus Pro as a remote administration tool. (more details at http://www.AntiAV.com/NZrant.html). This case is proof that a decision that a program was 'bad' can adversly affect a persons life. Since this decision has been changed by some of the biggest names in Anti-Virus and the product is still the same, does this mean that these New Zealand gentleman did no wrong? Should be interesting to find out.

The Anti-Virus vendors have far too much power over what is labeled dangerous and what is not. The public expects Anti-Virus companies to protect them from harmful programs and yet they omit many remote administration tools and 'Spyware' apps that in the wrong hands, as with anything, can be very dangerous (More details at http://www.antiav.com/chart.html). There needs to be a certain measure of accountability for their listings. A regulatiory agency needs to be established, a kind of Better Business Bureau for Anti-Virus companies where complaints can be made and dealt with as a whole, rather than this situation of dealing with each company separately. Rough math shows that if UltraAcces.net lost even 1 registration per day since ISS posted it's advisory and listings began, they have lost over $8500 (US) for this whole debacle. This may not seem like a lot but to a small company it's significant. Abuses of power are what sparked revolution in countries and cost leaders their heads. I think that it is time that as consumers of Anti-Virus protection we tell our vendors that they should let actions speak and judge a program by what it does rather than a name, a reputation, or any other shallow reason. They have done this too long and hurt good people. No more!