The State of New York vs. The Adware Mob

 
 
By Larry Seltzer  |  Posted 2005-04-28 Print this article Print
 
 
 
 
 
 
 

Opinion: It's about time someone called a fraud a fraud. Adware vendors who install programs on users' computers without their true permission are stealing from those users.

The main job of all state Attorneys General is to grandstand as part of a campaign for the Governorship, and Elliot Spitzer of New York is the king of this technique. There have been many cases where, IMHO, he has gone way overboard. But give credit where credit is due. Its about time someone with heavy-duty prosecutorial authority took on the lowlifes in the adware business. Given the vigilance with which Spitzer has prosecuted legitimate businesses, one would hope that he will leave no stone unturned in the pursuit of spyware and adware, which he describes as equally objectionable.
As Eric Howes of SpywareWarrior says, the techniques for which Spitzer is prosecuting Intermix have been used by the giants of adware, including Claria, WhenU, 180solutions and DirectRevenue.

Ive been concerned in the past by attempts to pass special laws banning spyware and adware. Why, I always wondered, was it necessary to have a new law to ban something so nakedly fraudulent? There have been cases where these companies have successfully defended themselves, such as Claria with its substitution of ads on third parties Web sites.

I am not a lawyer, but I find it hard to believe that installing programs on a users computer without his or her consent, programs which consume the users resources, doesnt violate some fraud statute somewhere. The federal government and others have generally been chicken about taking on this problem, forcing users to incur all the costs of prevention and remediation. Click here to read more about a groups effort to develop a definition of spyware. They should be ashamed. Unlike authors of other malware, adware vendors operate out in the open and only hide when you install their programs unwittingly.

Spyware companies also operate out in the open. I received a press release recently from a keylogger company, which I wont do the favor of mentioning here, which touted the products stealth installation features. Some would say there are legitimate applications of keyloggers, for employee or student monitoring or for testing purposes, but there is no legitimate application of stealth installation. The press release says the product "masks as a driver file and uses a smart installation algorithm, which makes it invisible to PC users. It does not ask user permission for driver installation or anything else. The program starts logging keystrokes automatically upon boot up, before a user is logged in, thus making it possible to capture Windows user login and password (a lot of keyloggers dont)."

This is sort of like selling crack pipes. Im not sure if its illegal, and the mere possession of a crack pipe or a keylogger doesnt in and of itself harm anyone else, but its one step away from harming someone. Any software companies who are customers of the company whose press release I received are probably legitimate targets of Mr. Spitzer.

Its possible that part of the reason other governments have avoided taking on the adware business is that they are intimidated by the Internet aspect of it. There has been a mindless sense of libertarianism in government with respect to the Internet. I dont mean to equate mindlessness and libertarianism; libertarianism as I understand it presumes that the role of the government is to protect individuals from force or fraud. Well, heres an example of how government, until today, has not been protecting individuals against fraud, making Elliot Spitzer, ironically, the libertarian of the day.

How should big security companies handle adware and spyware? Click here to read Larry Seltzers commentary. Nor is it "bad for business" when fraudware vendors are prosecuted, since nothing harms confidence in Internet business more than the legitimate fear of widespread fraud. A little law and order is just what this situation calls for.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
 
 
 
 
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel