The high-powered StopBadware.org coalition criticizes the free version of the AOL 9.0 software program.
The high-powered StopBadware.org coalition has slapped a "badware" label on the free version of the AOL 9.0 software program.
The group, which is funded by Google, Lenovo Group and Sun Microsystems, accused AOL of installing additional software without telling the user; adding components to the browser and taskbar without disclosure; automatically updating software without user consent; and making the AOL 9.0 software difficult to fully uninstall.
"We currently recommend that users do not install the version of AOL software that we tested," according to a report
released Aug. 28 by StopBadware.org.
The recommendation is a serious blow to AOL, which is already struggling with user privacy problems related to the recent disclosure of search data
of more than 650,000 users.
The report said the AOL 9.0 software comes bundled with a number of additional applications, including RealNetworks RealPlayer, Apple Computers QuickTime, AOL Youve Got Pictures Screensaver, Pure Networks Port Magic, and Viewpoint Media Player.
Click here to read more about Googles funding of the StopBadware.org coalition.
For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.
Apart from this sole reference, the user would not even know that several of these programsnamely, Youve Got Pictures, Pure Networks Port Magic, and Viewpointwere installed on the computer unless the user went to the Add/Remove Programs feature, because these programs do not appear to install any links or files on the desktop or Start menu, the report added.
The group said the StopBadware.org tests of AOL 9.0 found that the company uses pop-up notices to force users to download new versions of software.
"Since this dialogue box has only one buttonUpdate Nowand there is no X in the upper right-hand corner, the user [has] no way to close this box without clicking Update Now. Moreover, this box appears on top of any other windows the user has open, taking up about 1/12 of the users screen, which makes this dialogue box almost impossible to ignore," the group said.
Forcing users to perform certain actions in this manner is unacceptable behavior, the report said.
It also chided the company for adding the AOL Toolbar to users Internet Explorer browser without warning. "Telling the user after the fact that a toolbar has been installed and then providing them with uninstallation instructions is not adequate disclosure," the group said.
StopBadware.org said the AOL 9.0 software also adds two additional icons to Internet Explorers default tool bar without adequate disclosure during the installation process.
Click here to read more about "badware" accusations against Kazaa and others.
The coalition also found that it was difficult to fully uninstall the AOL 9.0 software. "After uninstalling AOL and all of its bundled components using Add/Remove Programs, at least two AOL processes continue to run: AOLServiceHost.exe and AOLHostManager.exe. It is unacceptable for AOL processes to continue to run after AOL has been uninstalled by the user," StopBadware.org said.
The coalition, which is managed by Harvard Law Schools Berkman Center for Internet & Society and Oxford Universitys Oxford Internet Institute, discussed its findings with AOL and said the company plans to take steps to address the criticisms.
"With regards to uninstallation, AOL says that a design flaw in the uninstaller mistakenly leaves executables running, even after a restart. The company says it is working on a fix, and in the meantime, that the executables do nothing even though they are running," the group said.
AOL joins a list of dubious companies in the "badware" category. The coalition previously used the label on controversial peer-to-peer application Kazaa, rogue anti-spyware program SpyAxe, download manager MediaPipe and screensaver utility Waterfalls 3.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.