STRANGE TALES FROM THE WORLD OF ADWARE/SPYWARE

It’s easier when the world is black and white. In that world, all adware/spyware is easy to identify, it’s always bad, and the people distributing it should be jailed.

And in fact, those things are true. But recently a rash of news stories has made it clear that we will not always be able to count on help to eradicate the scourge of adware/spyware from our lives.

– Adware/spyware is big money. Here’s a list of major investment firms supporting US-based spyware companies. The chart itemizes the tip of the iceberg – a total of $139 million invested in the companies behind 180solutions, Claria/Gator/GAIN, OfferOptimizer, BargainBuddy/Bullseye, and many others.

– Gator (currently named “Claria Networks”) was and is the source of tremendously obnoxious adware/spyware, including the spyware package GAIN, an important part of why Kazaa became unusable.

A top-ranking Claria executive has been appointed to the Department of Homeland Security’s “Data Privacy and Integrity Advisory Committee”.

Let me repeat that: an executive for the same company that sued websites for calling its product spyware, buries ridiculous demands in its EULA, has a history of using stealth installation techniques to mislead customers, and has been sued by a half-dozen web publishers for being a “parasite”, is now advising the government on privacy and integrity.

It’s worth noting that the Chief Privacy Officer for the Department of Homeland Security itself used to work at DoubleClick, another notorious piece of adware/spyware.

– Some adware/spyware distributors are well-funded and increasingly aggressive. iSearch and iDownload are typical adware/spyware programs – but they’ve been sending out cease and desist letters to antispyware vendors, alleging disparagement and trying to intimidate the antispyware vendors into omitting their programs. (Lest you have any sympathy, here’s an article by an ABC News reporter about his experiences in iSearch hell.)

– WhenU is typical malicious, obnoxious adware/spyware. But it partnered with Aluria, a vendor of antispyware software, which promptly certified WhenU to be “spyware-free.” That’s bad enough – but then AdAware distributed an update that omitted WhenU from its database without explanation and the fur really started to fly. There’s still no good explanation for AdAware’s action.

– California enacted antispyware legislation last year which was completely ineffective. It ignored virtually every bad practice used by the companies harming the most computer users. Fourteen states are currently considering antispyware legislation; most are modeled on the California legislation. Meanwhile the federal government is considering antispyware legislation which is so weak it will do more harm than good – precisely as it did with the CAN-SPAM Act, which actually authorized spam e-mailers to inundate you after making only trivial changes in their habits.

– The antivirus vendors are completely flummoxed. It’s simply a different problem than dealing with traditional viruses. Dealing with adware/spyware is hard. McAfee’s antispyware product is weak. Symantec doesn’t have anything worthwhile shipping and doesn’t claim to have anything good in the pipeline.

This battle is only going to get uglier. It’s not teenage hackers any more, it’s deadly serious guys in suits spending large amounts of money to invade your privacy and corrupt your computer.

The short version of the rules for safe computing:

– Run Windows XP Service Pack 2 and periodically make sure recent updates have been installed.
– Keep your antivirus program up to date.
– Run Microsoft Antispyware. If you suspect something has been overlooked, supplement with a scan by AdAware or Spybot or SpySweeper.
– And the most important thing after you’ve got those in place – don’t install add-ons or free programs on your computer unless you are absolutely, 100% convinced that they come from a trusted source.

Be careful out there!