March 22, 2004
16 Austin Rd. Apt. #2
Medford, MA 02155

Mark J. ******, et al, Inc.

Dear Mr. ****** :

I am writing on behalf of the CounterExploitation web site,, to address the concerns raised by your letter dated March 12, 2004, and received March 16, 2004. I currently act as the technical point of contact for the CounterExploitation web site. As you may know, one of the primary purposes of this Web site is to provide information regarding the detection and removal of a variety of software technologies. We aim to provide information that is helpful and accurate, while maintaining an opinionated style and personal touch. The CounterExploitation web site is a non-profit hobbyist project that is created and maintained in the author's limited spare time.

In your letter dated March 12, 2004 and received March 16, 2004, it is alleged that the CounterExploitation web site contains “improper characterizations” and “offending content” regarding the Corporation (“”) and the Client Software (“Software”). The letter further alleges that the web site contains “false and misleading statements” concerning and the Software. Your letter cites the following specific examples, which you allege constitute “falsehoods”:

As you have astutely noted, the cited article is linked as an unverified letter from an anonymous user, and is presented as such. The letter cites a number of issues that the user believed may have been related to the installation of the client, including the disappearance of a logical drive, loss of Internet access, and the appearance of a RUNDLL warning dialogue reporting a missing Newdot~2.dll file. Since the maintainers of CounterExploitation and other sites have, through the course of the past several years, discussed and analyzed the Client Software and its possible modes of failure at-length and have not observed any such mode that would directly result in the “loss” of a logical drive, we are willing to remove the user's letter from the site. However, as a purely technical point, it is not uncommon for a modern computer to contain more than a single physical drive, nor for a physical drive to be split or “partitioned” into multiple logical volumes. (For the record, I should also note that at no point does the user letter directly associate the hard drive issue with the Software, declaring only that the failures mentioned occurred together.)

With no disrespect intended, the above paragraph appears to make statements not present in the original document; “putting words into our mouths”, as it were. At no point does our web site accuse of “lying”, nor use any variant of this term. Your letter goes on to take issue with our example of marketing the subdomain '' as a top-level domain name displayed as ''. We have used this example to help illustrate the difference between a “domain name” and a “subdomain”. However, after taking issue with this example, your letter goes on to state that names “do, in fact, resolve as fourth-level subdomains”, precisely as illustrated in the '' example.

It appears that you are aware of the fact that names are not valid Internet domain names. While we understand and acknowledge that, Inc., posts legal disclaimers to this effect on its web site, we believe that the wording of such statements fails to adequately notify the customer that a significant percentage of Internet users will not be able to resolve the name. We in addition note that, despite your own admission that names are not domain names, the web site consistently uses the terms “domains” and “domain names” to refer to these fourth-level subdomains. This has been noted during a visit to the web site on March 16, 2004.

To avoid confusion between the Internet DNS1 and the services offered by, Inc., throughout the remainder of this letter I will use the term “domain name” to refer to a valid Internet domain name resolved via the standard DNS root servers, and “keyword”2 to refer to a name that exists only within, Inc.'s proprietary namespace. We feel that the textual information provided publicly on the, Inc. web site fails to adequately differentiate between domain names and keywords. We further feel that we are well within our legal rights in expressing this opinion. This opinion has been formed due to the repeated use of the terms “domain” and “domain name” in reference to keywords, as well as numerous consumer complaints we have been made aware of alleging that the consumer was not adequately informed of the difference between a keyword and a valid Internet domain name.

To this end, I would like to take a moment to examine the disclaimer provides on the web site. At the very bottom of the homepage, specified in a 10-pixel absolute font size, is the following message: “ domain names are accessible by persons that use one of our partner ISPs to access the Internet or who activate their browsers. This number is limited now, but growing daily.” It is interesting to note that this statement does not actually state that anyone is not able to access keywords; for example, by stating that “ domain names are only accessible by persons that use one of our partner ISPs to access the Internet or who activate their browsers.”. As previously mentioned, this statement continues to use the term “domain names” to refer to keywords.

The availability of the same name in multiple namespaces makes possible a condition known as a namespace collision, in which multiple parties simultaneously “own” the same name. The result of this condition is that the name would sometimes resolve to one site, and sometimes another, depending on the specific computer system or Internet Service Provider in use at the time. The situation would also promote disputes over the ownership of the name, and make it possible for one person's assigned name to direct Internet users to an unrelated site of unknown repute, or even a competitor. We feel that the Web site fails to adequately inform potential customers of the very real possibility of namespace collisions, and the potential consequences of such collisions at such time that any top-level domain extension already allocated within the proprietary namespace becomes part of the official DNS structure. CounterExploitation is informed and believes that, Inc. has allocated names with top-level domain extensions, including, but not limited to, .law, .travel, .xxx and .kids, which “already overlap with applications to ICANN for new TLD introductions” (Source: Keeping the Internet a Reliable Global Public Resource: Response to "Policy Paper", 20013).

With regard to the foregoing, we feel that the opinions expressed on the CounterExploitation web site constitute lawfully protected speech. However, in order to provide additional clarity and demonstrate good will, the text on the CounterExploitation web site will be revised to clarify our position.

Your letter also objects to our inclusion of the phrase 'sleight of hand' when pointing to a linked article located at . This phrase refers directly to the linked article, and is in fact a direct quote from the article. We have been provided with no reason to question the lawfulness of the opinions expressed in the aforementioned article.

Finally, the above paragraph goes on to state that “those subdomains are the property of the user and cannot be taken way” (sic). It is unclear why you have taken the time to make this assertion. At no point does the CounterExploitation web site make any statement regarding the ownership of names within the namespace.

A cursory inspection of the discussion forum located at on March 16, 2004 shows the following threads in which a user specifically complains of being banned from the forum after expressing negative statements about the company or products:

We are confident that, if necessary, we would be able to obtain a significant body of accounts from witnesses to administrative actions taken against vocal critics, both in the current forum software and previous iterations of the forums. It is also notable that many posts criticizing are removed from more heavily-trafficked areas and deposited in a special “Rants & Raves” forum located near the bottom of the forum list, regardless of where they were originally posted. Although this forum is designated as the appropriate forum for “Compliments, including testimonials, and complaints”, it is interesting to note the dearth of positive statements in this forum--these, unlike negative statements, seem to remain where they are posted. However, since you feel the wording on our web site is unclear, it will be changed to read: “...respondents have reported having posts deleted or being banned from the forum after making negative statements about the company or its software.”

Historically, CounterExploitation has fielded complaints from numerous users indicating that they did not request the software and did not know how it came to be on their computers. However, since the newest procedure documents received on March 16, 2004 with your original letter indicate a goal of more prominent disclosure of your software, we will remove the word “surreptitiously” from our characterization of's software bundling practices. For the record, we feel that the information we have provided concerning the distribution of the software is accurate as of the time of publication.

CounterExploitation is the originator and inventor of the word “foistware”. We coined this term specifically to refer to unsolicited or “bundled” third-party software which did not meet the definitions of existing terms such as “adware” and “spyware”. We have been careful to avoid any reference to the software as “adware” or “spyware”. As such, we do not feel that referring to your software, which is bundled with unrelated third-party software, as “foistware” constitutes a misconception on our part, nor do we feel that this statement places us in a legally actionable position.

At no point does the text you have cited, nor the remainder of the document, indicate that is not “forthcoming about how to uninstall its software”. In fact, the “Removal” section of's document begins with the following text:

Removal Procedure:

The NewDotNet software places a reference in Windows' Add/Remove Programs dialogue. It is recommended that you use this to remove the program, as explained in more detail in the FAQ.

The site informs the viewer of two (2) methods of removing the software immediately preceding the statement you have cited as stating that is not “forthcoming about how to uninstall its software”.

This statement, which you have selectively quoted, states in full: “For some reason their lawyers don't want anyone linking to it, so shh! (Technically, we have linked to a page which links to it. Scan down and find the link to the uninstaller, which will have a name like uninstall#_##.exe)”. This statement refers specifically to a prominent legal disclaimer displayed in connection with the uninstaller which expressly forbids distributing or linking to the uninstaller. A visit to the Support web site located at on March 18, 2004 confirms the placement of the following text, displayed in a red font in all capital letters, closely following a link to the uninstaller:


In keeping with the CounterExploitation web site's entertaining, opinionated and sometimes humorous writing style, the comment you have cited refers to the irony of this prominent warning in the context of a “forthcoming” removal procedure, as well as the unfortunate fact of American society's level of reliance on lawyers and legal statements. The statement is a “tongue-in-cheek” method of expressing the factual observation that the author has avoided incurring the legal liability implied by's statement by linking to a document that in turn links to the uninstaller, rather than linking to the uninstaller. However, since you have demonstrated displeasure with this statement, we will, as a demonstration of good will, revise this text to clarify our position. We are confident that you will find the revised text substantially less amusing.

We at this time ask you to substantiate your assertion that claims on the CounterExploitation web site regarding known compatibility issues “are not true”. The specific software issues mentioned on the CounterExploitation web site are well documented. It is unclear whether you are suggesting that we are part of an elaborate conspiracy to fabricate evidence of software compatibility issues--including the ability to control the contents of third-party publications such as the Microsoft Knowledge Base--or that the latest versions of said software products, coupled with the latest version of the client, will no longer experience compatibility issues, and for this reason, assert that we have no legal right to mention compatibility issues that may be experienced by users not running the most recent version of both the client and the third-party software. With regard to the former, your letter goes on to specifically acknowledge your awareness of compatibility issues known to have existed between the software and two (2) third-party applications, Microsoft Internet Security and Acceleration (ISA) and an unspecified McAfee product.

We feel that factual historical information about companies and products is an important tool to help consumers make informed decisions and resolve problems. We also feel that it is unreasonable to assume that all users are running the most up-to-date version of each software program on their computers. Since you appear to assert that all of the known compatibility issues listed on the CounterExploitation web site are resolved by installing the latest versions of the software and the third-party software, we will revise this section to make very clear that the compatibility issues listed refer to older software versions. However, we have no intention of censoring factual historical information from the CounterExploitation web site.

Before addressing technical points, I shall first elucidate the process by which a reader of the CounterExploitation web site would arrive at the “Manual NewDotNet foistware removal” document. Beginning at the section entitled “Removal” on CounterExploitation's page of information regarding the software, the reader is first directed to use the Windows “Add/Remove Programs” feature, is directed via hyperlink to the FAQ located at, and is provided with detailed directions on locating and using the Windows “Add/Remove Programs” feature. In the event that the reader has missed this, the line immediately following consists of the following in bold text:

The supplied Add/Remove option has been known to fail in some circumstances. If this happens, recommends that you e-mail support or phone them at (626) 229-7800. As the software is being constantly updated, removal information on this Web site can easily become out-of-date.

The above-cited text also contains a hyperlink to the technical support e-mail address. In the event that the reader has missed this prominent bold text as well, or is still unable to resolve the issue, the reader is next directed to a page describing a total of four (4) free, software-agnostic Winsock repair tools. These tools are designed to correct errors in the Layered Service Provider (LSP) configuration on a Microsoft Windows operating system regardless of their cause, including errors that may be entirely unrelated to the software.

If, after neither the “Add/Remove Programs” uninstall service, technical support, nor the third-party repair tools are able to resolve the issue, the reader is directed once again to the web site, this time to download and run a stand-alone uninstallation program.

It is only after having been presented with a total of seven (7) methods of either removing or deactivating the software that the reader will see the following line:

Two manual removal procedures (easy and hard) are available For Reference only. Use without the advice of is not sanctioned by us or

A hyperlink in the above sentence allows the user to reach the Manual removal document.

If, notwithstanding the foregoing, the reader has continued past all seven (7) of the methods outlined above and continued to the “Manual NewDotNet foistware removal” document, or has accessed this document directly via hyperlink from another site, the reader will see the following text preceding the contents of the document, in a bright pink italic font one size larger than the document text (relative HTML font size “+0”):

By comparison, the notice on the web site informing potential customers that domains are available to "persons that use one of our partner ISPs to access the Internet or who activate their browsers" is displayed at the very bottom of the page in an absolute font size of 10 pixels, which corresponds to xx-small in CSS font size notation or "-2" in relative HTML font size notation.4

As stated within the document itself, the actual text of the removal instructions contained within the “Manual NewDotNet foistware removal” document was originally published by, Inc. As a gesture demonstrating good will, we are willing to remove the removal information contained within the “Manual NewDotNet foistware removal” document. It will be replaced with a document which, while factually detailing changes made to the Windows Registry by the software, will be void of imperative language such as “remove”, “rename”, or “edit”.

After raising the specific issues presented above, your letter goes on to address a number of conceived misconceptions regarding the purpose and functionalities of the software, which we will address below.

At no point does the CounterExploitation web site accuse the software of data mining, nor does the CounterExploitation web site at any point refer to the software as spyware. The CounterExploitation web site does not assert, nor has it ever asserted, that the software “capture[s] keystrokes, a history of websites visited, personally identifiable information, screenshots, or passwords.”

The CounterExploitation web site contains information regarding specific versions of the client software which displayed pop-up advertising for a venture called the Search Portal (“Firstlook”), and CounterExploitation can provide evidence to back this claim as necessary. This information was accurate at the time it was published. The text relating to advertising features associated with the software and Firstlook will be modified to make clear that the software no longer displays pop-up advertising. Again, however, we do not intend to censor a factual historical record.

Please refer to our comments regarding the use, definition and origin of the term “foistware” above.

As previously stated, the CounterExploitation web site specifically documents three (3) official software removal avenues provided by, Inc. The web site makes no statements regarding the ease, or lack thereof, with which the software can be removed using any of the three (3) official procedures. CounterExploitation takes issue with's assertion that well-documented Internet connectivity issues historically associated with the software have been “typically caused by the end-user having used an incorrect procedure to uninstall the Software or one of its components.” A common failure mode in some earlier versions of the client software caused the client system to lose Internet connectivity after the client attempted to install an automatic update via the Internet. Such an update could occur weeks or months after the initial installation of the client on the user's computer, and occur in the background without specific notice to the user. For these reasons, a user experiencing this failure mode would be unlikely to associate the failure with the prior installation of the client, and thus, unable to correct the failure despite the availability of technical support and uninstallation features.

CounterExploitation also takes issue with's statement that issues resulting from deletion of files are “no different than the standard problems that can arise when an end-user improperly attempts to uninstall virtually any software application.” The software belongs to a class of software products known as Layered Service Provider (LSP) applications. Due to their low-level integration with the underlying operating system, LSP applications present unique difficulties not characteristic of the vast majority of common end-user software such as office applications, imaging software and media players.

This section touts the security features of current versions of the software at length, including the addition of code signing. However, at no point does the CounterExploitation web site state that the client's Web-based update feature downloads or installs unsigned code, nor does it make reference to security issues associated with the installation of unsigned code, such as DNS poisoning or man-in-the-middle vulnerabilities.

This section appears to question the integrity of third-party technical resources referenced by the CounterExploitation web site, including, but not limited to, the Microsoft Knowledge Base. We acknowledge and understand that you are entitled to your opinion. However, CounterExploitation has no reason to doubt the accuracy of information published by these third-party technical resources. Additionally, CounterExploitation is not affiliated with, and does not control the content of, third-party technical resources. If has concerns regarding the accuracy of information provided by third-party sites, we recommend contacting the third-party sites directly to address these concerns.

In closing, we note that your certified letter specifically implies the threat of legal action by notifying us of pending litigation initiated by, Inc. against “an anti-spyware software publisher”, directly followed by the statement that “will not tolerate” the information currently published on the CounterExploitation web site. We take this matter very seriously. In light of this, we have acted to amicably address's allegations in a timely manner by provisionally removing the contested document pending resolution of this matter. We have further agreed to address a number of's concerns by making revisions to the contested document and supporting materials. Such revisions shall not be construed as admissions of wrongdoing or inaccuracy on the part of CounterExploitation.

We feel that this letter has attempted to satisfactorily address each of the concerns expressed in, Inc.'s letter dated March 12, 2004. An updated version of the contested materials will be submitted for your review within the next seven (7) business days. Please do not hesitate to contact me with any additional information, questions or concerns that you may have. This letter is sent in good faith without prejudice to any of CounterExploitation's rights or remedies in this matter, all of which are expressly reserved.

I look forward to hearing from you soon.

Respectfully submitted on March 22, 2004,
Timothy R. Gipson

CounterExploitation -

1The Internet Domain Name System (DNS) standard was created in 1983 by Paul Mockapetris as a platform-agnostic method to replace numeric Internet Protocol (IP) addresses such as “” with easier-to-remember text strings such as “”. One of the original Internet standards, this system stores domain resolution information on thirteen redundant “Root” servers across the globe, which in turn propagate their data to a larger number of secondary servers.

2Similar keyword namespaces have been implemented by companies such as CommonName and the (now-defunct) RealNames. The major difference between these services and that offered by, Inc., is that the namespace structure mimics the structure of the DNS by separating keywords into a “name” and one of a limited number of short “extensions” seperated by a period (“.”).

3Please refer to

4Please refer to;