Ben Edelman, a Harvard University student who monitors the spyware scourge, said the inclusion of 180solutions in COAST was problematic from the start. In fact, Edelman said, Webroot and PestPatrol detect and remove the 180solutions application. "For a fee, COAST is certifying controversial providers of allegedly unwanted software, dramatically complicating the role and duties of COAST and its members. COAST staff are providing favorable quotes in 180 press releases. Who can users trust?" Edelman argued. Edelman has published a detailed research report with evidence of installation practices by 180solutions that are "outrageous and unethical." Among other things, Edelman found that 180solutions took advantage of known security vulnerabilities and failed to provide adequate disclosure notice.PestPatrols Curry confirmed that there were problems with legacy software released by 180solutions but insisted that COAST could be used to positively influence the companys business ethics. "With viruses, youre dealing with malicious people. But in the spyware industry, youre dealing with legitimate companies with known investors. Its very valuable to reach out to them and set up guidelines for them. COAST was moving in that direction and having a positive influence," Curry insisted. However, Webroots Stiennon argued that 180solutions had not yet improved its installation practices. "They just promised to improve with a new version thats due out in the next 60 days. We dont know for sure," he argued. He said the companys n-CASE adware program, which is bundled with freeware applications, remains listed as one of the top three spyware threats most frequently identified by Webroots Spy Audit tool. Edelman told eWEEK.com that COAST was always on tricky ground when it decided to get into the business of certifying companies that market spyware applications. "Deceptive installations can be hard to find. On what basis would an organization certify a companys practices as improved? That the organization hasnt observed any bad practices in recent history? What if they just havent been looking in the right places?" he argued. "Certification is all the trickier when the certifying authority has a clear financial interest in issuing the certificate," Edelman added, noting that membership in COAST amounted to an annual fee of less than $10,000. "Certifying any company on the basis of promises rather than actual reformed behavior is a bad idea. But thats exactly what COAST did with 180certifying 180 on the basis that 180 has agreed to work with COAST to improve its practices, but not that 180s practices have already improved," Edelman said. Officials at COAST and 180solutions did not respond to queries for comment. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
"Indeed, in my testing, 180s installation practices remain among the worst in the industry," Edelman said.