how-to block ads
|
|
Uniqs:
2244 |
Share Topic
 |
 |
|
|
|
2 edits | Yahoo Gives Adware a Pass Hi All:
You all might remember the announcement a few days ago about the new beta of Yahoo's Toolbar, which reportedly included spyware detection (supplied by Pest Patrol):
»Yahoo Toolbar Beta
Yahoo Toolbar Combats Spyware
»www.eweek.com/article2/0,1759,1602374,00.asp
Well, Dave Methvin of PC Pitstop noticed that Yahoo provides nearly one-third of the income for Claria. See Claria's S-1 filing for details:
»www.hoovers.com/free/co/secdoc.x···ttach=on
That information, of course, immediately raised concern that Yahoo might be reluctant to target one of its own partners. Unfortunately, those suspicions appear to have been confirmed:
Yahoo Gives Adware a Second Chance
»www.eweek.com/article2/0,1759,1605586,00.asp
said by eWeek:
In its spyware-fighting tool released in beta last week, Yahoo Inc. left out for automatic detection a category of often-unwanted software for which its paid search division has a financial stake.
Yahoo's Anti-Spy beta for its browser toolbar doesn't include adware by default when it scans users' systems for unwanted programs. Instead, to include adware, users must check a box each time they conduct a scan.
Among the programs the Sunnyvale, Calif., company classifies as adware are controversial ones from Claria Corp. (formerly The Gator Corp.) and WhenU.com Inc., two common targets of spyware critics who say the companies trick users into accepting unwanted downloads and flood machines with pop-up ads.
While users can scan for adware, they have to enable the detection first, and many will likely not know to do that or will not understand the full implications of not checking the box to scan for adware. By forcing hapless users who have already been victimized by software they did not fully understand to be savvy enough to check for "adware," Yahoo is itself exploiting users' ignorance of their computers and unwanted advertising software more generally to protect one of its own commercial partners.
This is exactly what I feared when I wrote the following in my review of Panel 4 at the FTC's Spyware Workshop ( »FTC Spyware Workshop: 1st Impressions ) -- a panel which included a discussion of other similar industry initiatives (such as Earthlink's and AOL's provision of anti-spyware software to their customers):
said by Eric L. Howes:
The largest problem with the industry reponses to "spyware" and "adware" is that, coupled with their publicly expressed interest in defending advertising software, they move us closer to an online world in which consumers are utterly dependent on and at the mercy of paternalistic corporate entities who dominate and control every aspect of their online experiences, effectively nullifying the promise of the internet to provide citizens and consumers with an unprecedented level of autonomy in a communications medium. As the consolidation of large media firms into large oligopolies -- which already own most of the largest ISPs, cable providers, DSL providers, and content providers, not to mention phone companies who control large swaths of the hardware backbone of the internet itself -- proceeds at a breakneck pace, it is not unreasonable to anticipate that we are not that very far from an online world that is divided up into several large corporate fiefdoms. These proprietary online empires could set strict limits on the kinds of content or software allowed over their proprietary networks, structure every aspect of their customers' "online experience" to channel consumers into their own e-marketing services, and exploit advertising software themselves to push unwanted commercial content down on users, even as they provide protection against "unapproved"/"unauthorized" advertising software from other properietary networks and entities. (...)
Thus, while such online giants would be expected to provide protection against advertising software from other online entities with whom it had no established commercial relationship, these giants would likely see fit to exploit the technology themselves to force their own commercial content down on users caught within the web of their oligopolistic networks. These online giants already see themselves as gatekeepers of sorts, controlling access to attractively large pools of consumers. In such an environment, the distinction that the industry seeks to make between illegitimate "spyware" and legitimate "adware" would simply be reproduced on a much larger level as these online media giants embedded their own preferred and protected forms of advertising software into the software layer of their networks and took steps to shield their captive customers from competing, external commercial messages.
Now, Yahoo's decision to exempt "adware" from automatic detection is not quite as drastic as the future I laid out in my earlier post, but Yahoo's move clearly demonstrates the danger of relying on commercial entities who have a commercial interest in putting advertising before their users and customers. Indeed, in my review of Panel 5 ( »FTC Spyware Workshop: 1st Impressions ) I called attention to a similar move by Microsoft with respect to spam :
said by Eric L. Howes:
If you doubt the potential dangers of this scenario or arrangement, then you ought to read the following report from Reuters about Microsoft's plans to sell space on a "whitelist" of "legitimate marketers" whose unsolicited commercial messages will be allowed past Microsoft's spam filters on Hotmail and MSN:
»money.excite.com/jsp/nw/nwdt_rt.···20040505
Replace "spam" with "spyware" or even "advertising software" and convert the "spam"/"legitimate marketing" dichotomy into "spyware"/"adware" and you'll begin to get a sense for why I am wary of the efforts of large ISPs to assume the role of protecting their customers from "spyware."
If nothing else, Yahoo has clearly demonstrated the risks of assuming that "industry self-regulation" (the preferred solution of the industry and the FTC) will provide internet users with robust protection against unwanted, invasive advertising software.
Best,
Eric L. Howes
| | |
|
approval from:
jaykaykay 
| This is a very sad, very self-serving move by Yahoo. I think their toolbar is nothing but a publicity stunt. Judging from all the google news alerts I've seen on it in the last week, it appears to be a successful one.
Mike Healan
www.spywareinfo.com | |
1 edit | reply to eburger68
Hi All, again:
I just had to call attention to several statements from Yahoo's spokesperson on this:
said by eWeek:
Yahoo spokeswoman Stephanie Ichinose said the toolbar beta integrates PestPatrol's software but did not know whether PestPatrol's own application also requires users to specifically select adware for detection.
"What this is all about is providing the users with visibility into their computer and to help them manage it as they see appropriate," she said.
That is classic PR talk -- an attempt to hide objectionable corporate behavior behind words that initially appear to say something "consumer friendly" but which, upon closer inspection, turn out to be meaningless. The fact is that Yahoo's decision has nothing to do with enhancing "consumer choice" (which is the industry line she's doing a variant of) and everything to do with protecting Yahoo's business arrangements from hapless consumers who being exploited by one of its partners. (Word to the wise: whenever industry reps start talking about "choice," "flexibility," or "innovation," you can be sure that nothing in what they're saying is in your best interest.)
said by eWeek:
As far as Overture's relationship with Claria, she said Overture screens its distribution partners to make sure they gain user permission before downloading software.
Now we have yet another company attempting to hide behind clearly inadequate notice and disclosure practices. See PC Pitstop's research on Claria/GAIN users:
PC Pitstop: Survey Says: Gator Users Didn't Know
»www.pcpitstop.com/gator/Survey.asp
»www.ftc.gov/os/comments/spyware/···stop.pdf (FTC comments)
And, for good measure, their similar findings with respect to WhenU users:
PC Pitstop: WhenU Survey
»www.pcpitstop.com/spycheck/whenu.asp
»www.ftc.gov/os/comments/spyware/···stop.pdf (FTC comments)
Yahoo is simply trying to exploit the same, self-serving adware vs. spyware distinction that the industry reps on Panel 1 at the FTC Spyware Workshop were pushing in order to exempt themselves and their software from critical scrutiny. See my comments on Panel 1 for more details:
»FTC Spyware Workshop: 1st Impressions
I sincerely hope that Yahoo's users can persuade Yahoo to reverse course and change this default behavior in its new toolbar while it's still in the beta stage.
Eric L. Howes | |
 dpPremium,MVM
join:2000-12-08
Greensburg, PA
kudos:7 | said by eburger68:
I sincerely hope that Yahoo's users can persuade Yahoo to reverse course and change this default behavior in its new toolbar while it's still in the beta stage.
That's going to be a tough one 
--
Write your questions down on the back of a $20 dollar bill and send them to me | |
| reply to eburger68
There are two important points that are being publicized here, and I hope this one is not buried: Yahoo is providing nearly a third of Claria's income! I talked with Matt Hicks yesterday and my spin on the subject was that Yahoo was trying to play both sides for profit.
We all know that the adware/spyware distinction isn't much of a distinction at all. In the end, nearly all this software is installed on PCs without the user being aware and therefore without adequate notification of the license. By that measure, there's no reason to break out "adware" for special treatment.
Ideally, Yahoo would say "We didn't realize when we bought Overture that they were doing business with Claria, we'll stop that right now." But if Claria is making about $30 million from the Overture deal, Overture may be making about the same. I doubt they have the will to stand on principle when that much money is involved, unless they see significant negative publicity from the relationship. | |
| I would just like to applaud the efforts of Ben and Dave is as industry watchdogs in putting all the pieces together and to others for helping to spread the information.
I have learned in my own past experiences that sometimes companies become so large that communication becomes fuzzy. While one dept is working hard to generate public good-will other Dept's in the same company are screwing them trying to build their bottom line numbers. I do believe bringing this information to the public is a service to the company and its stockholders before they let things get out of hand.
We saw the positive results at Google when they clamped down on WhenU and hopefully we'll see Yahoo respond in kind.
Keep up the good work!
Thanks!
Bill | |
| It made me sick to read this thread, I just wanted to throw my machine away and forget about the web, then I thought why should these**^^*^** win.
I did notice that in their application they [according to many people who come here, spywareinfo and spyware warriors and other places for help]have lied in stating that people agree to their programme in return for ADS.
Go here to read, every time I try to copy I lock up
»www.hoovers.com/free/co/secdoc.xhtml?i..
When will it get through these advertisers heads that we don't want their ads rammed down our throats.
It would be nice to know what these free programmes are and how much these multi million companies paid them. Oh I forgot these are their own programmes. oh well. | |
| 
GAIN top 10 pest | 
sneaky spying Gator |
said by lincolngreen:
It made me sick to read this thread, I just wanted to throw my machine away and forget about the web, then I thought why should these**^^*^** win.
Couldn't have said it any better than that!
-
First we had sneaky Gator, now we got sneaky Yahoo. Perhaps sneaky PestPatrol too?
According to this article:
»www.eweek.com/article2/0,1759,1605589,00.asp
(The distinction between spyware and adware is determined by the vendor, PestPatrol).:(
-
Since GAIN(Gator) is classified as adware by PestPatrol, GAIN is NOT INCLUDED in the scan by Yahoo.
- Here is my challenge to PestPatrol:
If you got the balls, change your classification of GAIN from adware to spyware!!! Thereby forcing all GAIN(gator) stuff to be found on peoples computers.
- | |
dpPremium,MVM
join:2000-12-08
Greensburg, PA
kudos:7 | reply to eburger68
For all us Yahoo users, let them here your comments: »add.yahoo.com/fast/help/us/compa···cgi_beta
--
Write your questions down on the back of a $20 dollar bill and send them to me | |
| reply to eburger68
Hi All:
I've been looking into Yahoo's Anti-Spy application a bit more. There are several disturbing aspects to this anti-spyware application.
The biggest problem is that Yahoo provides no precise definition of "adware" or how it is distinguished from "spyware" or the other software detected by default. In fact, it gives no indication whatsoever why "adware" ought to be included or excluded from a scan. The Anti-Spy GUI provides no help on these issues (see attached screenshot), and the online help pages (see »help.yahoo.com/help/us/companion/psr/ ) are completely vague. In particular, see the following "help" pages from Yahoo:
What will Anti-Spy find and remove?
»help.yahoo.com/help/us/companion···-12.html
What are spyware and adware, and how did I get these and
other unwanted programs on my computer?
»help.yahoo.com/help/us/companion···-16.html
When I tested Anti-Spy on my computer, there was one surprising finding: it flagged Flashget, the download manager. (See attached screenshot.) It correctly identified it as a BHO, but the mere existence of a BHO doesn't say much of anything about whether the app in question is "spyware" or "adware." Anti-Spy didn't flag the Adobe Acrobat BHO. In fact, the Yahoo Companion itself uses a BHO.
Now, Flashget has a "free" ad-supported version as well as a for-pay version without any advertisements. The version installed on my box is the for-pay version -- no ads whatsoever. Even the ad-supported version is much more akin to the arrangement that Eudora uses -- the advertising support is clearly flagged (see »www.amazesoft.com/reginfo.htm ). Look around the Net -- you'll find few complaints if any at all about Flashget.
Nonetheless, Anti-Spy flagged it, even when I left the "Also scan for adware" box unchecked. Which raises the question: why is Anti-Spy flagging Flashget, even in a non-adware scan, when Gator and WhenU are being given a pass?
As Yahoo's help pages point readers to Pest Patrol for more info (see »help.yahoo.com/help/us/companion···-24.html ), I did some checking on the Pest Patrol "pest info" page ( »www.pestpatrol.com/pestinfo/ ).
Setting aside the out-and-out malware categories, we are left with:
Detected by default:
BHOs
»www.pestpatrol.com/pestinfo/brow···ject.asp
Dialers
»www.pestpatrol.com/pestinfo/dialer.asp
Hijackers
»www.pestpatrol.com/pestinfo/hijacker.asp
Spyware
»www.pestpatrol.com/pestinfo/spyware.asp
Not detected by default:
Adware
»www.pestpatrol.com/pestinfo/adware.asp
Note that I'm assuming that Anti-Spy is using Pest Patrol's categories exactly as listed. Compare the list of what's not detected by default (adware) vs. what is detected by default (spyware, dialers, hijackers, bho's).
Still further, there appears to be overlap between the categories -- some "pests" are classified in more than one category. For example: 2nd Thought is classified as both "adware" and a "hijacker" -- see »pestpatrol.com/pestinfo/other/2n···ught.asp . What is Anti-Spy doing in the case of category overlap?
The BHO's category is esp. problematic, as it includes a number of apps like Flashget that I would have classified either as innocuous or as one of the other categories (spyware, adware, hijacker).
The Adware category is also disturbing as it includes a good number of apps that are routinely the subject of complaints from users in forums like SpywareInfo, ComputerCops, Cexx.org, Net-Integration, and so forth. Moreover, the definition of "adware" on Pest Patrol's pages...
said by Pest Patrol:
Adware: Software that brings ads to your computer. Such ads may or may not be targeted, but are "injected" and/or popup, and are not merely displayed within the form of an ad-sponsored application.
...does not at all address the question of notice and disclosure provided during installation. Given the above definition, Yahoo has no business whatsoever singling out adware for special treatment based on some assumption that such software is more "consumer friendly," which is what Yahoo's spokesperson seemed to be implying in her statements to the press. Of course, Yahoo doesn't provide a precise definition of adware in its help pages and Yahoo's spokesperson passed the buck to Pest Patrol.
What we really need to know is:
* Does Pest Patrol look at all at the issue of notice/disclosure during installation when deciding whether to classify something as "adware" vs. "spyware" or "hijackware"? Or are those definitions purely functional in the sense that they describe what the software actually does (display ads vs. hiajck browsers, etc.)?
* If notice/disclosure is considered, what are the criteria?
Yahoo has made a big mistake here in separating out the Adware category for special treatment.
Best,
Eric L. Howes | |
| eburger68 said:
What we really need to know is:
* Does Pest Patrol look at all at the issue of notice/disclosure during installation when deciding whether to classify something as "adware" vs. "spyware" or "hijackware"? ...
Evidently not! Here is an except from Pest Patrols Information page on GAIN(Gator)...
»pestpatrol.com/pestinfo/g/gain.asp
-
(I just highlighted a few things in bold)
"Gator" is the name of the company producing this set of software ("The Gator Corporation") It is also the name of a free tool that comes bundled with other components. Most users and Internet sources refer to the entire package as "Gator." Since only the main ("Gator") module is at all visible to the user, and since it is inextricable from the other components, referring to the entire offering as "Gator" seems reasonable.
Gator The main software, autocompletes Web forms. (Note that IE users likely have no need for such a component, since IE has included an AutoComplete feature since version 5.0).
OfferCompanion. This is the advertising spyware module. It is responsible for recording info on your Web browsing habits, uploading info to the Gator advertising server, and downloading and displaying pop-up ads.
Trickler (fsg.exe, fsg-ag.exe, fsg*.exe) An "install stub", a small program that is installed with the application you really wanted. (Gator almost always appears on your system due to installing OTHER software, and not the installer available from Gator's website.) When installed, Trickler inserts a Run key in your Registry so that it is silently and automatically loaded every time you start your computer. Trickler runs hidden and very slowly downloads the rest of Gator/OfferCompanion onto your system. It is suggested by some that this "trickling" activity is intended to slip under the user's radar, the steady, low usage of bandwidth going unnoticed. While often named fsg.exe, Trickler can go under other similar names, such as fsg-ag.exe (installed with AudioGalaxy) or another name containing "fsg" or "trickler".
GAIN (GMT.exe, CMESys.exe, GAIN_TRICKLER_*.EXE) GAIN is short for Gator Advertising Information Network, and is the newest incarnation of the Gator product.
-
If GAIN isn't SPYWARE, then what the hell is???
- | |
2 edits | reply to eburger68
Hi All:
A new article from eWeek on the Yahoo Anti-Spy controversy:
Give Yahoo a Break on This Adware Controversy
»www.eweek.com/article2/0,1759,1606431,00.asp
If you were wondering just why those of us who went to the FTC's Spyware Workshop were making such a fuss about the attempts on Panel 1 to enshrine a definitional distinction between "adware" and "spyware," this is it -- because it leads to muddle-headed, ill-informed claims such as Larry Seltzer makes in this eWeek editorial. He writes:
said by Larry Seltzer:
So, adware is somewhat sleazy, but it's on a whole different moral level than spyware, which actually spies on you, or perhaps worse. And in fact, there are people who want to run adware. (...)
It's a shame that adware and spyware get associated so closely by being scanned for by the same products. They're not the same problems.
Seltzer's effectively bought into the spyware vs. adware dichotomy that the industry has been urging on anyone who will listen. The reason the industry prefers that terminology and that definitional distinction is that it encourages people to make unwarranted assumptions about a class of software to which somebody somewhere has attached the name "adware."
What unwarranted assumptions are at work here? Several:
1. "Spyware" spies, whereas "adware" doesn't.
Wrong. Plenty of "adware" collects personally identifiable information (PII) or monitors users' behavior on the Internet. Even though most advertising software (whether you classify it as "adware" or "spyware") does use a EULA of some sort, the notice and disclosure of key behavior and functionality is almost always inadequate.
Moreover, plenty of apps classified or dubbed as "spyware" don't "spy" at all, but that doesn't make them any less objectionable. CoolWebSearch, which has been wreaking havoc on the Net for well over a year now, technically doesn't "spy" on users -- it just hijacks their computers and inflicts unwanted garbage on them (see »www.spywareinfo.com/~merijn/cwsc···les.html ).
Bottom line: "Adware" cannot be distinguished from "spyware" on the basis of "spying." (By the way, this is Myth #1 in my "Ten Myths About Spyware" -- submitted to the FTC. See »www.staff.uiuc.edu/~ehowes/ftc-c···tm#myths )
2. "Adware" uses "consumer friendly" notice/disclosure/choice practices during installation.
Several of the panelists on Panel 1 at the FTC's Spyware Workshop were pushing exactly this line, arguing that "adware" is "presumptively legitimate" because it doesn't surreptitiously install behind users' backs and because it offers notice and disclosure of key functionality in the form of a EULA.
But there are several problems with this. First, the notice/choice/disclosure practices of most "adware" are completely inadequate and don't actually ensure that such software is installed with users' full and meaningful knowledge, consent, and understanding. This was clearly demonstrated by PC Pitstop's surveys:
PC Pitstop: Survey Says: Gator Users Didn't Know
»www.pcpitstop.com/gator/Survey.asp
»www.ftc.gov/os/comments/spyware/···stop.pdf (FTC comments)
PC Pitstop: WhenU Survey
»www.pcpitstop.com/spycheck/whenu.asp
»www.ftc.gov/os/comments/spyware/···stop.pdf (FTC comments)
Most WhenU and Gator "users" were completely unaware of the software on their systems.
Moreover, if one is going to classify Gator and WhenU as "adware" because of its "presumptively legitimate" installation practices, then you better be prepared for a long line of others to join them in the "presumptively legitimate" "adware" category, including C2 Media's Lop.com software, which also presents users with a EULA during installation. The differences between Gator's installation methods and Lop.com's are not that great -- certainly not great enough to warrant classifying Gator as "adware" and Lop.com as "spyware." Indeed, Jason Lucas of C2 Media claims that Lop.com is itself "adware" -- see Lucas's submitted comments to the FTC:
»www.ftc.gov/os/comments/spyware/···ucas.pdf
Still worse, as I noted in a previous post, Pest Patrol's definition of "adware" seems to be a functional definition, not one that is predicated on notice/disclosure during installation:
said by Pest Patrol:
Adware: Software that brings ads to your computer. Such ads may or may not be targeted, but are "injected" and/or popup, and are not merely displayed within the form of an ad-sponsored application.
Thus, no one at this point has any business assuming that just because Pest Patrol has categorized software as "adware" that it has deemed its installation practices "consumer friendly," because Pest Patrol's definition does not speak to installation practices.
And this brings us to the ultimate problem with the term "adware." The word "adware" is insisted upon by the industry and declared "presumptively legitimate." Others like Seltzer pick up the term and begin making all kinds of assumptions about software that's declared "adware," and the entire issue of installation practices then disappears.
This is exactly what the industry had hoped for -- that people (esp. journalists like Seltzer) would begin using the term "adware" uncritically to give its software a free pass without bothering to look carefully as the functionality and practices of the software in question. The industry declares "adware" "presumptively legitimate," and lo and behold people start regarding it as such, just because of the word "adware." This PR game is a classic bait-and-switch and simply encourages folks to the let meaningless words like "adware" do their thinking for them.
Bottom line: the "adware" vs. "spyware" dichotomy serves no purpose other than to confuse and mislead, and the whole distinction needs to be rejected outright. (By the way, this is Myth #2 in my "Ten Myths About Spyware" -- see »www.staff.uiuc.edu/~ehowes/ftc-c···tm#myths .)
Seltzer goes on to make several other ridiculous arguments:
said by Larry Seltzer:
I think they're morons, but I have, for example, run into users who really like those browser toolbars that come with adware built in. In some cases, the program will fail if you remove the adware. (...)
I tested the actual toolbar myself. Take a look at the nearby screen shot of the interface, as it tells the whole story (click on the button to see the whole window): Yahoo Anti-Spy doesn't scan for adware by default, but it couldn't have made the option to do so more obvious. Nobody could miss that checkbox. (...)
But I bet there are people who will be happy with this setting. It's entirely possible that the number of false positives they will get because of that checkbox is much less than with the standard PestPatrol, which does scan for adware by default.
Undoubtedly there are such people, but we shouldn't be making policy decisions about what to scan for by default in an anti-spyware application based on such a minority of users, esp. given that the application is targeted at users who are less than knowledgeable about these issues.
Again, PC Pitstop's numbers are telling (see above). Don't believe that the numbers of willing users are so small? Then take WhenU's own numbers. On Panel 1 at the FTC's Spyware Workshop Avi Naider claimed that of 100 million WhenU installations, 80 million had been uninstalled. It's a good bet that of the remaining 20 million installations, well over 90 percent will be removed once those users figure out how to give WhenU's software the boot. See pp. 53-54 of the FTC's transcript of Panel 1 at the Workshop here:
FTC Spyware Workshop Transcript
»www.ftc.gov/bcp/workshops/spywar···ript.pdf
Moreover, Yahoo does not give users any information whatsoever about "adware" and why it should or should not be included in a scan. Thus, the "adware" checkbox is a complete mystery. And cautious users who don't know any better could fail to scan for a wide variety of nasty applications -- see again Pest Patrol's listing of "adware":
Adware
»www.pestpatrol.com/pestinfo/adware.asp
And "adware" is what is driving consumer complaints about unwanted advertising software. This point was driven home by Bryson Gordon's presentation of McAfee's numbers about the "growth of non-viral threats" -- see:
»www.ftc.gov/bcp/workshops/spyware/gordon.pdf
Where the lines for keyloggers, spyware, dialers, and other exploits remained stable over the course of the past year, the line for "adware" soared, leaving no doubt as to what is driving consumer complaints about invasive software.
Sadly, Yahoo has apparently decided to force users to jump through one more hoop in order to scan for this software, and it did so primarily to protect its own commercial relationships. That kind of decision deserves our contempt and scorn, not excuses.
Eric L. Howes | |
| reply to eburger68
Eric,Agree with your item whole heartedly especially your final comment.
We could give all our wages to these companies then they wouldn't have any reason to use the net, and people could get with using the net as it should be.[Tongue in cheek]
I'm battering away at my local MP in the uk to get her to take notice of the practices of these companies, but it's like banging your head against the wall. I guess money talks.
On with the battle. | |
|
