trend micro constantly 'sampling' your files
os: windows 7 (yes yes, i know...)
situation:
the issue started while i was 'tail -f' the access_log on a server i'm working with. my system has a simple website and a standalone app that will hit the server via url with a handful of parameters for settings, one of those being a guid.
the problem:
i started noticing log entries for urls coming from the client app, with my guid, but not coming from my ip address. additionally, it was only the requests coming from the client app, not those starting in the browser. the duped requests would come from multiple ip addresses, all starting with 150.70.xx.xx. obviously, this is concerning. i am not going through any cloud services or using any proxies. i traced the ip addresses (e.g. 150.70.172.106, 150.70.64.195, 150.70.75.33, etc.) and they all pointed to Trend Micro Inc. i do have trend micro installed for anti-virus software, and as far as i could tell, it was working fine and fairly lightweight. any reporting or proxy settings i have turned off. so i made a call.
after bouncing through a few people, i ended up with a guy trying to explain that they are trying to ensure the 'web reputation' of the sites i was visiting. if that were the case, i pointed out, then you would echo the url calls originating from my browser. i can update my browser page and see it in the access_log immediately. no echoes. but when i issue urls from the standalone client, i see an echo within 90 seconds.
it gets worse:
at this point he said he was going to need to see the screen to confirm what i'm seeing (?!). i asked how he'd do that, he said he'd take a screenshot and it would be sent to his machine (?!). i asked how and he said their software would do it if i allowed him to. obviously, i wasn't happy. that shouldn't even be an option. he backed away from this quickly.
the other shoe:
after another chorus of 'why the hell are you sending my internet traffic to your servers', he said trend micro routinely samples files on the system and sends them to their malware experts for analysis (?!). he explained that they randomly sample from those files that have changed, bundling them up and sending them to their servers every 3 hours. he tried to assure me that no 'sensitive' information was being sent from my machine (suuure...), just some random samples so the 'malware experts' can look for malware.
ip theft:
being a software developer, i write code that is copyrighted, at least by me, as i create it. for them to be 'sampling' the files that have changed essentially has them stealing my source code so their 'malware experts' can look through them. yes, i know... that's a lot of files and they aren't watching *my* files... but my name is on the trend micro license. if they wanted to, they could monitor one person's files without an issue.
i might be having a small cow over this issue, but i don't think it's unwarranted. it sure seems like spyware to me. if not, i'd love to know the difference, besides incorporation papers and a phone number.
thoughts?
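
An added example, not part of the original submission: one way to confirm the pattern described above from the server side is to scan the access_log for requests whose exact URL is repeated from a different IP within a short window (90 seconds by default, the delay the post reports). The log lines, client IP, path, GUID and timestamps are constructed; the 150.70.x.x addresses are the ones quoted in the post.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed access_log sample (Apache common log format). Client IP, path,
# GUID and timestamps are made up; the 150.70.x.x addresses are from the post.
URL = "/app/settings?guid=0f8fad5b-d9cb-469f-a165-70867728950e&mode=1"
SAMPLE_LOG = f"""\
203.0.113.10 - - [12/Mar/2012:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.10 - - [12/Mar/2012:10:00:05 +0000] "GET {URL} HTTP/1.1" 200 87
150.70.172.106 - - [12/Mar/2012:10:01:10 +0000] "GET {URL} HTTP/1.1" 200 87
203.0.113.10 - - [12/Mar/2012:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512
150.70.64.195 - - [12/Mar/2012:10:09:00 +0000] "GET {URL} HTTP/1.1" 200 87
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def find_echoes(lines, window_seconds=90):
    """Return (original_ip, echo_ip, url, delay_seconds) for every request that
    repeats an earlier request's exact URL from a different IP within the window."""
    window = timedelta(seconds=window_seconds)
    last = {}      # (method, url) -> (ip, time) of the latest non-echo request
    echoes = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines not in the expected format
        ip, stamp, method, url = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        prev = last.get((method, url))
        if prev and prev[0] != ip and timedelta(0) <= when - prev[1] <= window:
            echoes.append((prev[0], ip, url, int((when - prev[1]).total_seconds())))
        else:
            last[(method, url)] = (ip, when)   # echoes never become the reference
    return echoes

def echo_sources(echoes):
    """Count echoes per IPv4 /16 prefix, to see whether they share one network."""
    return Counter(".".join(e[1].split(".")[:2]) for e in echoes)

if __name__ == "__main__":
    for orig, echo, url, delay in find_echoes(SAMPLE_LOG.splitlines()):
        print(f"{url} from {orig} repeated by {echo} after {delay}s")
    print(echo_sources(find_echoes(SAMPLE_LOG.splitlines(), 600)))
```

Widening the window shows slower repeats as well; grouping by prefix makes it easy to check whether every repeat comes from the same address block before running a whois lookup on it.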