Tag Archives: Ben Edelman

Microsoft’s Antispyware Turns Neutral on Claria?

(Sorry, a few days late with this.) Further to the reports of talks between Microsoft and adware maker Claria (formerly Gator), spyware/adware expert Ben Edelman points to a website discussion that highlights an apparent conflict of interest should Microsoft Buy Claria: What would Microsoft’s own anti-spyware software make of Claria’s adware?

A Dozleng.com post reports that Microsoft’s Anti-Spyware Beta now recommends that users “ignore” Claria. To confirm this result, I downloaded Claria’s DashBar and Precision Time products, then installed MSAS, all on a fresh virtual PC that hadn’t previously run any of these programs. MSAS’s recommendation and default action was “Ignore.”

In contrast, when last I ran MSAS on a PC with Claria software installed, MSAS recommended removing these same programs. This is exactly the kind of conflict of interest I worried about three paragraphs above — but I didn’t anticipate how quickly this problem would come into effect!

There are some more comments collected here. One website, Sunbelt Software, which receives updates from Microsoft but has its own inhouse research lab, reports that the change in recommendation from Quarantine or Remove to Ignore took place on March 31. Sunbelt’s Alex Eckelberry writes:

At any rate, does this mean that Claria will, in fact, be purchased by Microsoft? Not necessarily. It could mean, however, that the two companies are working together in some other capacity, or that Claria has successfully lobbied Microsoft to change the default action. Or, it’s a simple oversight.

I can’t help feeling that if it was an oversight, it would have been corrected by now. And, as Ben Edelman points out, it’s not possible to check a list of Microsoft’s decisions on this kind of thing, where Microsoft lets users know what’s no longer being detect etc.. .

Compare Microsoft’s neutral ‘Ignore’ recommendation with nearly all other antispyware/adware programs that do, according to the Spyware Warrior website, detect Claria products, and, where they make a recommendation, suggest they be removed.

Bottom line? I’m with Ben: I think whatever bits of Claria Microsoft is interested in, conflicts of interest rear their head and the company’s efforts to burnish its image as security guardian will be lost, virtually overnight.

More On Trusting Google’s Sponsored Links

Further to my earlier post about whether one can trust Google’s Sponsored Links, here are some notes from a chat with Ben Edelman, an expert on spyware:

Ben says legally it’s a difficult area: For Google, the sponsored links are just ads, not any kind of endorsement at all. But users have the sense that Google won’t accept ads from fraudsters, and users rely on this notion of quality. From users’ perspective, Google is breaking its own policies and failing to live up to its good name.”

Ben’s advice to users interested in a sponsored link:

  • Do not trust sponsored links as to spyware removal applications;
  • Do not trust sponsored links too much in general. For some keywords, merchants and sites are self-authenticating — clearly ford.com is who it is. But don’t take presence on the sponsored link list as a good indicator of trustworthiness. Sponsored links can be bought. In contrast, Google’s organic results (the ones at the left of Google search results) are not for sale. The organic results can (mostly) only be earned by putting up good web sites and getting others to link to those sites.

I asked him, whether it was his impression that rogue anti-spy is a growing industry, or more generally, software that claims to do one thing, but does another (instead of, or in addition)?

Ben’s answer: Yes. and those who need/seek spyware removal are, demonstrably, at particular risk of being taken advantage of. They’ve already been taken advantage of, may be easier to trick gain. [They] are feeling vulnerable, in a hurry to get software to fix their problems etc

Very good point. And good advice. Don’t be in a hurry to fix a problem if rushing it may make it worse. Don’t trust a link just because it’s on a Google page. (That goes for all links, but as Ben points out, a high link on the main Google search results list is there because a lot of people have visited it; a link on the right is there because someone has paid for it.) And think hard before you install anything, and ask yourself: Is this going to make my life easier? Or harder?

WhenU’s Popup Victory

WhenU, now known as Claria, has won what it calls an “important decision for the entire Internet industry” in its motion to enjoin the Utah Spyware Control Act, passed in March. WhenU had argued the Act “affects legitimate Internet advertising companies and therefore violates the First Amendment and dormant Commerce Clause of the United States Constitution, among other laws”. (Here’s a CNET story on the verdict.)

If I understand the ruling correctly (and this is based largely on Ben Edelman’s assistance), the judge has ruled that, in this particular law, Utah was unconstitutional in trying to limit popups, while it was within the constitution in trying to outlaw spyware — or more specifically, software that is installed without a licence and lack a proper uninstall procedure. As the judge did no want to break the act in half he ruled in favour of a preliminary injunction for WhenU. Ben, who works as a consultant for the Utah government, reckons WhenU could lose on appeal, since under Utah law, the judge “is obliged to regard the act as ‘severable'” — in other words, that he can keep parts and discard parts.

Avi Naider, WhenU’s Chief Executive Officer, meanwhile, is celebrating his victory. “Spyware is a problem and we want to put an end to it,” he says in a press release. “WhenU supports appropriate anti-spyware legislation at the federal level, but unfortunately Utah’s Act also impairs legitimate Internet advertising.”

Popups Never Die, They Just Mutate

In response to my post yesterday, a reader suggested that with the proliferation of pop-up ad blockers in browsers and toolbars, who needs to worry anymore about ‘contextual’ ad services like WhenU?

Since I installed the Google toolbar, I’ve forgotten what a pop-up looks like. Since I installed Win XP SP2, the “pop-ups blocked” counter on the Google toolbar hasn’t moved. In a few years, you’ll be writing a column called “Remember Popups?”

Not quite yet, unfortunately. Ben Edelman, an expert on privacy issues and a critic of services like WhenU, tells me: “WhenU doesn’t use these methods at all. Rather it uses client-side software, and popup stoppers just don’t stop this. And they can’t, easily, given 1) the way popup stoppers work, and 2) the way WhenU works.”

I’ll be looking more at this in a future column, but for now, yes, popups as we know them needn’t be much of a bother. But meantime the contextual ad industry continues, with companies like Popstitial (looked at in another earlier post) and IntelliTXT (looked at here) raising the bar.

Utah, WhenU And Pop-Up Poaching

The spyware war continues.

Ben Edelman, an expert on spyware, reports that “WhenU, a major provider of programs that show pop-up ads according to users’ web browsing activities, yesterday filed suit seeking that Utah’s Spyware Control Act be declared void and invalid.” WhenU effectively poaches browser real-estate by plopping its ads above those of others without the permission of the website.

Ben says: “I’ve followed the act and believe it would provide substantial assistance to consumers facing an increasing barrage of pop-up ads.”

It’s an interesting issue: If Utah’s new act kicks in, will it just be folk like WhenU who will be affected? On Monday, April 19, the FTC will hold a workshop on spyware, Ben says. Here’s the agenda (PDF) and written comments, along with Ben’s own (PDF).