The State of New York vs. The Adware Mob

Opinion: It's about time someone called a fraud a fraud. Adware vendors who install programs on users' computers without their true permission are stealing from those users.

The main job of all state Attorneys General is to grandstand as part of a campaign for the Governorship, and Elliot Spitzer of New York is the king of this technique.

There have been many cases where, IMHO, he has gone way overboard. But give credit where credit is due. Its about time someone with heavy-duty prosecutorial authority took on the lowlifes in the adware business.

Given the vigilance with which Spitzer has prosecuted legitimate businesses, one would hope that he will leave no stone unturned in the pursuit of spyware and adware, which he describes as equally objectionable.

As Eric Howes of SpywareWarrior says, the techniques for which Spitzer is prosecuting Intermix have been used by the giants of adware, including Claria, WhenU, 180solutions and DirectRevenue.

Ive been concerned in the past by attempts to pass special laws banning spyware and adware. Why, I always wondered, was it necessary to have a new law to ban something so nakedly fraudulent?

There have been cases where these companies have successfully defended themselves, such as Claria with its substitution of ads on third parties Web sites.

I am not a lawyer, but I find it hard to believe that installing programs on a users computer without his or her consent, programs which consume the users resources, doesnt violate some fraud statute somewhere.

The federal government and others have generally been chicken about taking on this problem, forcing users to incur all the costs of prevention and remediation.

/zimages/3/28571.gifClick here to read more about a groups effort to develop a definition of spyware.

They should be ashamed. Unlike authors of other malware, adware vendors operate out in the open and only hide when you install their programs unwittingly.

Spyware companies also operate out in the open. I received a press release recently from a keylogger company, which I wont do the favor of mentioning here, which touted the products stealth installation features. Some would say there are legitimate applications of keyloggers, for employee or student monitoring or for testing purposes, but there is no legitimate application of stealth installation.

The press release says the product "masks as a driver file and uses a smart installation algorithm, which makes it invisible to PC users. It does not ask user permission for driver installation or anything else. The program starts logging keystrokes automatically upon boot up, before a user is logged in, thus making it possible to capture Windows user login and password (a lot of keyloggers dont)."

This is sort of like selling crack pipes. Im not sure if its illegal, and the mere possession of a crack pipe or a keylogger doesnt in and of itself harm anyone else, but its one step away from harming someone. Any software companies who are customers of the company whose press release I received are probably legitimate targets of Mr. Spitzer.

Its possible that part of the reason other governments have avoided taking on the adware business is that they are intimidated by the Internet aspect of it. There has been a mindless sense of libertarianism in government with respect to the Internet.

I dont mean to equate mindlessness and libertarianism; libertarianism as I understand it presumes that the role of the government is to protect individuals from force or fraud. Well, heres an example of how government, until today, has not been protecting individuals against fraud, making Elliot Spitzer, ironically, the libertarian of the day.

/zimages/3/28571.gifHow should big security companies handle adware and spyware? Click here to read Larry Seltzers commentary.

Nor is it "bad for business" when fraudware vendors are prosecuted, since nothing harms confidence in Internet business more than the legitimate fear of widespread fraud. A little law and order is just what this situation calls for.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.