Adware Tries to Climb Out of the Muck

By Larry Seltzer  |  Posted 2005-07-25

Opinion: What's going on with anti-adware and -spyware products reclassifying adware programs? Part of it is that some adware vendors are trying to clean up their act.

I was a little surprised when Microsoft started reclassifying adware programs in its anti-spyware software to less severe levels. But I was downright curious when Sunbelt Software started to do the same. A controversy erupted over the weekend when Sunbelt reclassified some programs from notorious adware vendor WhenU to a less severe rating of "low" and a default recommendation of "ignore" (as opposed to "remove").

This was the same move that Microsoft made with several adware vendors and was done for what is claimed to be the same reason. Microsoft said it re-examined the software it reclassified, most prominently GAIN from Gator Software, and changed it to "ignore" in order to make it more consistent with Microsoft's standards and how it classifies other programs.
They did not go into detail about how GAIN or any other reclassified programs related to their standards, and the only document I'm aware of that discusses their standards doesn't go into detail on how a program merits one level or another.

Sunbelt generally isn't as well-known as Microsoft, although it is very well-known in anti-spyware circles, partly because it went to the trouble some time ago of attempting to define what spyware and adware are, and to some degree what the company would do when it encountered them. Microsoft and others have stuck their toes in these same waters.

All of the documents I've seen have been heavy on the definition of spyware and light on the standards for classification. Sunbelt's document makes reference to classification, but not in a systematic way. When Symantec's attempt at classification came out, I criticized it for being designed to formulate a score, thinking this was an overly simplistic approach. But maybe Symantec has it right, since an obvious application of a score is to tie certain program actions to specific scores (for example, delete if the score is eight or higher, recommend removal if between four and seven, recommend ignoring if less than four).

But in any event, standards such as this can put you in a tough spot, and there Sunbelt found itself last week when it became clear that WhenU had reworked some of its programs so that under Sunbelt's criteria and standard practices, they would no longer merit a default action of "remove," but rather of "ignore." This Sunbelt did.

The company explained the examination and decision process in great detail in a document it published (PDF form). This alone puts Sunbelt way ahead of Microsoft, with its response to its GAIN controversy. It's also worth noting that Sunbelt reclassified some but not all of WhenU's programs, and it did not reclassify the main problem application, Save! (aka SaveNow), which delivers targeted pop-up ads to users based on their browsing habits.

What I think is most interesting about Sunbelt's action is that it also showed that the company's standard treatment for "adware bundlers" is a classification of "low" and a recommendation of "ignore." Adware bundlers don't necessarily, on their own, perform adware functions, but they may install actual adware, with or without permission from the user. WhenU's ClockSync program, one of those reclassified, is an example of this in that it doesn't display ads, but it may install Save!/SaveNow.

Eric Howes of the Web site SpywareWarrior, who is also a consultant to Sunbelt, says it would be an overreaction to treat an otherwise innocuous program with the same degree of severity as one that it subsequently installs. But he said he sees the problems with the situation. If we assume that the user who sees the ClockSync classification is running Sunbelt Software's CounterSpy or some other program of the company's, surely they also would see the more serious classification if it installed Save!/SaveNow. This would argue for the approach Sunbelt has taken, since the user will see the right classification when it needs to be seen.

Howes does say, and I agree, that perhaps in the end, the whole category of adware bundlers needs to be reclassified up. Perhaps there's an intermediary level between "ignore" and "remove" that could bridge the gap.

Neither Sunbelt nor Microsoft compromised themselves to the degree that Aluria did when it certified WhenU as "spyware-safe." That went completely over the top, although Aluria claims to have its own standards.

But I don't want to spend too much time trying to accommodate companies that have historically abused their customers' computers even if they are trying to conform with the letter of the rules they should be following. We're still in the early stages of setting these standards, and we can't let mistakes bind us to bad practices. I think most of us can think of adware the way Potter Stewart thought of pornography: We know it when we see it.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
