Jack Writes:StopBadware.org, the consumer protection initiative developed to combat spyware, today released its first "Badware Watch List" report, spotlighting a number of companies that embed malicious spyware without the online user's knowledge or consent.
The report is the first in a series to be released by Harvard Law School's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute as a part of an ongoing effort to battle malicious spyware programs.
"Since the launch of stopbadware.org in January, we've heard from more than one thousand consumers about problems with badware and we've taken those complaints seriously," said John Palfrey, co-director of StopBadware.org and Executive Director of the Berkman Center for Internet & Society at Harvard Law School. "Today, we're shining the spotlight on four applications pointed out by consumers that failed our test for badware in our lab. Our intention is for these reports to help consumers make a more informed decision before they download one of these applications. And we hope our work will encourage these and other application developers to clean up their act."
"Other companies that follow similar practices beware: This is just the beginning of what we hope to identify and publicize," said Palfrey.
Whether spyware, incessant pop-ups or other obtrusive programs, badware today plagues millions of people by turning their computers into machines to spy on them and steal their personal or private information. Unlike viruses and worms, badware becomes embedded in a computer by downloading games or software or just by visiting certain websites.
According to a recent Pew Internet & American Life Project, roughly 59 million American adults today have badware on their computers. Problems related to badware forced home computer users to spend roughly $3.5 billion in 2003 and 2004 to replace or repair their hardware, according to Consumer Reports.
With the advice and input of a panel of research experts, StopBadware.org isolated seven categories of behaviors that many users reported as unwanted in software they download: deceptive installations, unclear identification, harm to other computers, modifying other software, transmitting user data, interfering with computer use, and being difficult to uninstall completely. Badware is software which engages in these behaviors without adequately disclosing that fact to the user and without seeking the user's consent. In addition, there are some classes of behavior which cause irreversible harm to a user's computer - software which engages in these behaviors also constitutes badware, regardless of whether the behavior was disclosed to the user.
Stopbadware.org examined four applications reported by consumers who submitted stories and technical reports and have added them to the "Badware Watch List." The first, KaZaa, is a peer-to-peer file sharing program that misleadingly advertises itself as spyware-free, makes undisclosed changes to Internet Explorer, and does not completely remove all of its components during the uninstallation process. The second application, called MediaPipe, identifies itself as a "Download Manager." MediaPipe does not fully disclose what it is installing and does not completely remove all components and "obligations" during the uninstallation process.
The next application examined, SpyAxe, advertises itself as a spyware removal program. StopBadware.org found it to be badware due to inadequate disclosure during the installation process, the failure to remove itself completely during uninstallation, and repeated, difficult-to-avoid requests to purchase the full version of the product. The final application, Waterfalls 3, is a screensaver, and includes components that are generally considered spyware, and modifies other software without disclosure.
Launched on January 25, 2006, StopBadware.org's consumer- driven online community serves as a central resource to help educate people about badware and spotlight those companies who embed these programs into downloadable software applications. Internet users can visit StopBadware.org to check whether programs they want to download are infected with badware and alert others to programs they have encountered that include malicious software such as spyware, incessant pop-up ads or other obtrusive programs. StopBadware.org will continue to collect information from the public and to publish short, user-friendly reports on programs they have identified as badware, as well as more detailed academic studies on the problem of badware.