Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    Expert: 180Solutions Update Permits Drive-By Installs

    Written by

    Paul F. Roberts
    Published February 21, 2006
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      A consumer advocate and advertising software expert claims that a recent update to advertising software from 180Solutions fails to prevent the unauthorized installations it was designed to stop.

      Spyware expert Ben Edelman said on Feb. 20 that unscrupulous partners were using security exploits to install 180s Zango software, despite the companys new S3 installer, which was designed to prevent unauthorized installs.

      180 said it was the victim of “hacking” and charged Edelman with unethical disclosure of a vulnerability in its products.

      The exchange is just the latest salvo in an ongoing war between Edelman, a Harvard University Law School student and advertising software industry gadfly, and 180Solutions, of Bellevue, Wash., which sells and distributes pop-up advertisements through programs like Zango and Seekmo.

      180Solutions has a network of partners who get paid to install the programs on Internet users computers.

      Edelman and other spyware experts have repeatedly charged 180Solutions with deceptive business practices. Among other things, Edelman said the company has not been forthcoming about the nature of its software in license agreements that users read before agreeing to install the programs.

      /zimages/4/28571.gifClick here to read about an adware complaint made against 180Solutions.

      Edelman also said 180 turned a blind eye to unethical installation practices by its partners. Those methods include so-called “drive-by downloads” that use software security holes to install 180 Software without the users explicit agreement.

      180Solutions has taken steps to improve its reputation in recent months. In December, the company announced a new version of its S3 (Safe and Secure Search) technology and said it would stop supporting 180 Search Assistant, which Edelman and others claimed was frequently installed improperly by the companys advertising affiliates.

      S3 requires users to view and agree to a 180 license agreement before the companys software is installed on their systems. The software also makes it easier to remove unauthorized downloads and track installation behavior by 180s partners, the company said in a statement.

      “The promise of the platform is that thousands of distributors would be unable to cheat 180Solutions and 180 users,” Edelman said.

      But the S3 protections are easy to circumvent, and unscrupulous partners have already figured out how to bypass the user acknowledgement step and illegally install 180s software, he said.

      /zimages/4/28571.gifWhat can be done to fight spyware? Click here.

      Edelman recorded a nonconsensual installation of 180s Zango software, along with a bundle of other advertising software programs on Feb.17. The programs were installed using a “bootloader” program that was installed on a vulnerable Windows system using an exploit of the recent WMF (Windows Meta File) vulnerability.

      The attackers bundled the S3 program with another program that acknowledged the 180Solutions license agreement as soon as it appeared on the desktop. The 180Solutions License Agreement is visible on the users screen for a fraction of the second before it disappears and the software is installed, according to a video of the attack captured by Edelman.

      Sean Sundwall, a spokesperson for 180Solutions, said the company accepts Edelmans analysis of the illegal install, but takes issue with his disclosure of the attack.

      “Responsible disclosure is well-practiced in the security industry. We feel like the way this was handled was far from the best interests of consumers,” he said.

      In a news release Feb. 20, 180Solutions said its software was “hacked” by an online publisher who used the name “Sniper84” and that the company had shut down the Web site that was distributing the attack.

      180 would have spotted the illegal installs earlier, but lacks an integrated system for monitoring telltale signs of rogue behavior, like an unusually high rate of user acceptance of the 180 software (the rate is typically between 5 and 10 percent), or an unusually rapid consent to the license agreement, Sundwall said.

      180Solutions is working to improve its internal monitoring systems and integrate those measurements, he said.

      The company will also make changes to address problems in its license agreement raised by Edelman, he said.

      Next Page: Policing distributors.

      Policing Distributors

      A promised version of the license agreement will make it clear that 180 installs pop-up advertising software and changes to the S3 application will enable those who view the agreement to print it out, Sundwall said.

      But 180s problems go deeper than license agreements, Edelman said.

      The company maintains a long list of distributors, many of them outside of the United States.

      In the past, many of those partners have acted unethically, but 180 has not abandoned the affiliate model for distributing its software, or shown a willingness to perform “due diligence” before permitting companies to distribute 180s wares, Edelman said.

      “180s problem is that they do business with thousands of different distributors. They could say were only going to do business with companies that are real companies, or only with companies in the United States, or where weve actually met the people personally … But theyre not looking carefully at who these people are,” he said.

      Among other things, 180 should look closely at distributors operating out of the former Soviet Union, Africa and other countries with little legal infrastructure for addressing cyber-crime, he said.

      Sundwall disputes that argument. He said 180 has culled thousands of distributors from its books, and the company currently uses only around 1,000 partner companies to distribute its wares, down from 7,000 six months ago.

      180 will continue to use non-U.S. distributors because they often offer attractive content that draws Internet users, even though 180 values U.S.-based installs over those in Europe or other countries, he said.

      However, he said, it is more difficult to vet distributors who are not in the United States.

      There is evidence that consumer rights advocates are running out of patience with the companys efforts to reform. In January, the Center for Democracy & Technology filed a compliant with the U.S. Federal Trade Commission about 180s practices, which CDT called “illegal and deceptive.”

      Edelman said 180 will have to push the envelope to get people to install its software, because few Internet users would willingly install it.

      “If this is such a service, why pay people to put it on [the users] computer?” he asked.

      “The reality is these are companies with millions of dollars of assets. This is big money,” he said.

      Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Paul F. Roberts
      Paul F. Roberts

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.