AOL 9.0 Slapped with Badware Label

The high-powered coalition criticizes the free version of the AOL 9.0 software program.

The high-powered coalition has slapped a "badware" label on the free version of the AOL 9.0 software program.

The group, which is funded by Google, Lenovo Group and Sun Microsystems, accused AOL of installing additional software without telling the user; adding components to the browser and taskbar without disclosure; automatically updating software without user consent; and making the AOL 9.0 software difficult to fully uninstall.

"We currently recommend that users do not install the version of AOL software that we tested," according to a report released Aug. 28 by

The recommendation is a serious blow to AOL, which is already struggling with user privacy problems related to the recent disclosure of search data of more than 650,000 users.

The report said the AOL 9.0 software comes bundled with a number of additional applications, including RealNetworks RealPlayer, Apple Computers QuickTime, AOL Youve Got Pictures Screensaver, Pure Networks Port Magic, and Viewpoint Media Player.

/zimages/3/28571.gifClick here to read more about Googles funding of the coalition.

"During the installation process the user is never clearly notified that AOL will be installing these programs. The inclusion of two of these programs—QuickTime and Viewpoint Media Player—is mentioned on a page entitled AOL Software. However, to reach the AOL Software page, the user must click on AOLs Privacy Policy (which is linked to from the third pre-installation screen), and then locate and click on the second use of the word software on that page," the report said.

/zimages/3/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Apart from this sole reference, the user would not even know that several of these programs—namely, Youve Got Pictures, Pure Networks Port Magic, and Viewpoint—were installed on the computer unless the user went to the Add/Remove Programs feature, because these programs do not appear to install any links or files on the desktop or Start menu, the report added.

The group said the tests of AOL 9.0 found that the company uses pop-up notices to force users to download new versions of software.

"Since this dialogue box has only one button—Update Now—and there is no X in the upper right-hand corner, the user [has] no way to close this box without clicking Update Now. Moreover, this box appears on top of any other windows the user has open, taking up about 1/12 of the users screen, which makes this dialogue box almost impossible to ignore," the group said.

Forcing users to perform certain actions in this manner is unacceptable behavior, the report said.

It also chided the company for adding the AOL Toolbar to users Internet Explorer browser without warning. "Telling the user after the fact that a toolbar has been installed and then providing them with uninstallation instructions is not adequate disclosure," the group said. said the AOL 9.0 software also adds two additional icons to Internet Explorers default tool bar without adequate disclosure during the installation process.

/zimages/3/28571.gifClick here to read more about "badware" accusations against Kazaa and others.

The coalition also found that it was difficult to fully uninstall the AOL 9.0 software. "After uninstalling AOL and all of its bundled components using Add/Remove Programs, at least two AOL processes continue to run: AOLServiceHost.exe and AOLHostManager.exe. It is unacceptable for AOL processes to continue to run after AOL has been uninstalled by the user," said.

The coalition, which is managed by Harvard Law Schools Berkman Center for Internet & Society and Oxford Universitys Oxford Internet Institute, discussed its findings with AOL and said the company plans to take steps to address the criticisms.

"With regards to uninstallation, AOL says that a design flaw in the uninstaller mistakenly leaves executables running, even after a restart. The company says it is working on a fix, and in the meantime, that the executables do nothing even though they are running," the group said.

AOL joins a list of dubious companies in the "badware" category. The coalition previously used the label on controversial peer-to-peer application Kazaa, rogue anti-spyware program SpyAxe, download manager MediaPipe and screensaver utility Waterfalls 3.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.