Adware Tries to Climb Out of the Muck

Opinion: What's going on with anti-adware and -spyware products reclassifying adware programs? Part of it is that some adware vendors are trying to clean up their act.

I was a little surprised when Microsoft started reclassifying adware programs in its anti-spyware software to less severe levels. But I was downright curious when Sunbelt Software started to do the same.

A controversy erupted over the weekend when Sunbelt reclassified some programs from notorious adware vendor WhenU to a less severe rating of "low" and a default recommendation of "ignore" (as opposed to "remove").

This was the same move that Microsoft made with several adware vendors and was done for what is claimed to be the same reason. Microsoft said it re-examined the software it reclassified, most prominently GAIN from Gator Software, and changed it to "ignore" in order to make it more consistent with Microsoft's standards and how it classifies other programs.


They did not go into detail about how GAIN or any other reclassified programs related to their standards, and the only document I'm aware of that discusses their standards doesn't go into detail on how a program merits one level or another.

Sunbelt generally isn't as well-known as Microsoft, although it is very well-known in anti-spyware circles, partly because it went to the trouble some time ago of attempting to define what spyware and adware are, and to some degree what the company would do when it encountered them. Microsoft and others have stuck their toes in these same waters.

All of the documents I've seen have been heavy on the definition of spyware and light on the standards for classification. Sunbelt's document makes reference to classification, but not in a systematic way. When Symantec's attempt at classification came out, I criticized it for being designed to formulate a score, thinking this was an overly simplistic approach.

But maybe Symantec has it right, since an obvious application of a score is to tie certain program actions to specific scores (for example, delete if the score is eight or higher, recommend removal if between four and seven, recommend ignoring if less than four).

But in any event, standards such as this can put you in a tough spot, and there Sunbelt found itself last week when it became clear that WhenU had reworked some of its programs so that under Sunbelt's criteria and standard practices, they would no longer merit a default action of "remove," but rather of "ignore." This Sunbelt did.

The company explained the examination and decision process in great detail in a document it published (PDF form). This alone puts Sunbelt way ahead of Microsoft, with its response to its GAIN controversy.

It's also worth noting that Sunbelt reclassified some but not all of WhenU's programs, and it did not reclassify the main problem application, Save! (aka SaveNow), which delivers targeted pop-up ads to users based on their browsing habits.

What I think is most interesting about Sunbelt's action is that it also showed that the company's standard treatment for "adware bundlers" is a classification of "low" and a recommendation of "ignore."

Adware bundlers don't necessarily, on their own, perform adware functions, but they may install actual adware, with or without permission from the user. WhenU's ClockSync program, one of those reclassified, is an example of this in that it doesn't display ads, but it may install Save!/SaveNow.

Eric Howes of the Web site SpywareWarrior, who is also a consultant to Sunbelt, says it would be an overreaction to treat an otherwise innocuous program with the same degree of severity as one that it subsequently installs. But he said he sees the problems with the situation.

If we assume that the user who sees the ClockSync classification is running Sunbelt Software's CounterSpy or some other program of the company's, surely they also would see the more serious classification if it installed Save!/SaveNow. This would argue for the approach Sunbelt has taken, since the user will see the right classification when it needs to be seen.

Howes does say, and I agree, that perhaps in the end, the whole category of adware bundlers needs to be reclassified up. Perhaps there's an intermediary level between "ignore" and "remove" that could bridge the gap.

Neither Sunbelt nor Microsoft compromised themselves to the degree that Aluria did when it certified WhenU as "spyware-safe." That went completely over the top, although Aluria claims to have its own standards.

But I don't want to spend too much time trying to accommodate companies that have historically abused their customers' computers even if they are trying to conform with the letter of the rules they should be following.

We're still in the early stages of setting these standards, and we can't let mistakes bind us to bad practices. I think most of us can think of adware the way Potter Stewart thought of pornography: We know it when we see it.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at
