Security threats Toolkit

Who’s watching the watchers?

Tags:
Spyware

Declan McCullagh CNET News

Published: 06 May 2005 13:10 BST

You don't have any objection to pop-up applications like WhenU or Claria as long as the user knows what they're getting?
I have no comment on any matter pertaining to WhenU. As to Claria, their core business seems to me to be troubling because it's so parasitic. They can only show ads thanks to users requesting other sites, which get no share of the revenues from those ads. Suppose a site spends a million dollars on a Super Bowl ad or $3 on a Google pay-per-click ad. Claria's pop-up then siphons away the resulting users. This undermines the incentives for sites to promote themselves through legitimate advertising.

What's the latest in terms of threats to anti-adware companies who label certain software "spyware"?
The background here is that historically users have been tricked into getting all manner of unwanted software into their computers. Their computers become slow, unreliable.

Companies step in to help by offering detection programs.

From the perspective of the spyware makers, these detection programs are bandits: They take the spyware off the users' computer after the spyware makers have gone to such lengths to infect the computers in the first place. So the spyware companies have been attempting intimidation tactics to force the removers to omit removal of particular advertising software.

Name names. Who's been the most litigious?
One of the few companies to file suit is Claria, which sued PC Pitstop in 2003 alleging unfair business practices when PC Pitstop told its users its view of Claria's software. And New.net took the novel approach of suing Lavasoft in federal court.

Mostly, these threats don't lead to litigation. Either the spyware vendors give up or they succeed in their intimidation tactics without having to go to court. There have been at least half a dozen examples just in the past few months.

It's absolutely fascinating to watch Symantec and McAfee struggle with this. It's a very different problem from what they're used to. Virus writers don't fight back.

You've been on the attack against Ask Jeeves recently. Why?
They're getting installations from kids' sites. I've been trying to figure out how these programs have such a large installed base: Who in their right mind would agree to have their computer become a vehicle for pop-up ads? It turns out that many of these programs target kids. They advertise their software at kids’ sites. They bundle it with video games. They use advertisement images like smiley faces.

Ask Jeeves has a search engine that nobody really wants to go to. To get users to come, they push these toolbars. But if the toolbars are installed without proper notice and consent, then the entire business collapses. They have no legitimate business source of any substantial traffic to their Web site.

Ask Jeeves just tries to get people to download their toolbar. Does that make it spyware or adware?
It's not exactly spyware like the others. It doesn't show pop-up ads. As far as I know it doesn't track and transmit to its servers every Web site you visit. Yet it uses equally tricky installation tactics. (Editor's note: This week, CBS MarketWatch calculated that Ask Jeeves is valued at $1.8bn and receives up to two-thirds of its search traffic from sources that also distribute adware.)

How much money have you made by consulting for anti-adware companies so far? Edelman: I've made enough to pay for law school. What next?
I don't know. I might end up teaching. I can see myself practicing law, and potentially serving as some sort of a professional consultant.