English Suomi Svenska Deutsch Français Italiano Japanese

  
 
home
support issues.gif
virus-probs.gif
documentation
downloads
Online Services
contact us

home users

Product Support


F-Secure Internet Security 2006 - Back to FAQ list

 

 

Spyware Issues

Q8. Is Backweb spyware?

No. Backweb is a tool. It is a client-server content distribution and management application, which allows vendors to pro-actively distribute content to their users. Companies like Compaq, HP, McAffee, F-Secure, Western Digital, Logitech, Kodak and IBM are some of BackWeb´s customers. Each of these vendors bundles a customized BackWeb client into their products, which are shipped to their end users. These companies use the BackWeb client to distribute drivers, software updates, patches and critical information from a secure server at their site directly to their users' hard-drives.

One of the DLLs that are launched by the BackWeb process is the ‘IadHide3.dll’. This DLL is critical for the proper functionality of the BackWeb client.

The DLL is registered as a Windows system-wide hook (using the standard Win32 API) and traps the following events:

  • Keyboard activity
  • Mouse activity
  • Applications - opening and closing of processes

All the above events are not logged to any device (disk, network, etc.). The fact that activity occurred and its timing is reported to the BackWeb client (running on the same machine). The BackWeb client uses these events to:

  • Display pop-up flashes (also referred to as a BackWeb Flash, executed BALI script, or Sprite) in a polite manner, i.e., only if the user was not active for a certain (configurable) amount of time. Whenever a keyboard or mouse event is trapped the user is considered to be active, and no pop-up Flashes are displayed.
  • Disable pop-up flashes and communication when certain (configurable) applications are running. Similarly, if a full-screen application (such as a PowerPoint presentation) is running, the Client disables pop-up Flashes.

The DLL notes only the occurrence of the most recent usage of the keyboard and mouse so it knows when to trigger BackWeb activity, but it does not record the actual usage information itself such as, which key on the keyboard was used or icon was clicked with the mouse.

Some Anti-Spyware vendors view this as unacceptable and remove the BackWeb from your computer, which in the case of F-Secure Internet Security it will stop the downloading of updates.

<Previous question Next topic >

 
Be Informed

Weblog: News from the Lab
Security Center
Upgrades and Trials

Product Upgrades
Product Trial Versions
Tools

Virus Removal Tools
Online Virus Scanner