Why is the PopCap loader identified as a security threat (http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_POP.A)?

I have noticed that they chose to use some sort of encryption for the location of the data file that the loader downloads... Maybe someone cracked that encryption? I am sure adhominem or raptisoft can answer with more detail....

This happened to Retro64 too with the first revision of our web loader. I never figured out why :( I suspected that it was because it downloaded and ran an exe, but it couldn't download from other sites.

All of Reflexive's OLD installers were falsely identified as a threat a while back... Scared the hell outta a bunch o' folks (in my immediate vicinity). I imagine the security threat status will be changed at some point, because I seriously doubt popcap is doing anything malicious...

I agree that PopCap wouldn't be doing anything malicious. However, the date on the info is Nov 16, 2004 - more than enough time to clear up any confusions.

It almost looks like this was an old version of PopCap's loader... based on this chart - 1 year of tracking (http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GName=ADW%5FPOP%2EA&VSect=St&Period=1y)

According to Dave Haas - link (http://games.slashdot.org/comments.pl?sid=129871&threshold=1&commentsort=0&tid=208&mode=thread&pid=10844787#10847631) ,
"This is a case of Trend Micro falsely reporting our PopCapLoader ActiveX component as an ad-ware installer. We are in contact with Trend Micro right now to get this issue sorted out. Rest assured that all of our games, both deluxe titles and web-based ones, are free of ad-ware."

It also seems that searching for popcap or adw_pop in all of Trend Micro's pages and in their virus database yields no results... only way I can get to it is via the link you provided... (which shouldn't be possible), but perhaps it is just an old archived listing... ?

In short... I have no idea.

-Tim

Why is the PopCap loader identified as a security threat (http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW_POP.A)?

Well, if you look at the statistics for this threat, you'll see that the reported infections petered out some time ago. Meaning, an infection was only reported when someone with dated definitions runs a scan. Once the definitions were updated, the program would no longer detect such things. Trend Micro removed the "threat" from their database after the mistake was brought to light. :)

benno