Will certification legitimize adware?

Net companies promise new program to promote noninvasive software downloads, but skeptics remain.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.

WASHINGTON--Backers of a new plan to police downloads believe it will put an end to unwanted software that launches pop-up ads and hogs system resources. But critics counter that the program will merely legitimize such software, not make it go away.

The Trusted Download Program, announced here Wednesday, promises to help people avoid adware and spyware by guaranteeing an application does only what it says. The plan's sponsors--mostly large Internet companies--said the program will kick off in a trial version early next year when online privacy watchdog group Truste publishes its first list of certified applications.

"We think this will be the end of unwanted software on your computer," Fran Maier, executive director of Truste, said at an event at the National Press Club here. "Consumers deserve to have control over what's on their computers."

News.context

What's new:
A new certification program backed by industry and lawmakers promises to help people avoid adware and spyware by guaranteeing that a program does what it says.

Bottom line:
Critics say that instead of hindering annoying downloads, the plan will only give such software a seal of approval.

On the industry side, the plan is backed by America Online, Yahoo, Computer Associates, Verizon Communications and CNET Networks (parent company of News.com). FTC Commissioner Jon Leibowitz and the Center for Democracy & Technology, a public advocacy group that runs the Anti-Spyware Coalition, have also got behind the push.

The plan also has congressional support from U.S. Sen. Conrad Burns, R-Mont., and Rep. Mary Bono, R-Calif., who have both proposed anti-spyware legislation.

"I am delighted to see that we have come this far and that the private sector has come up with a solution to a problem that truly stifles commerce on the Internet," Bono said Wednesday. "This is the first time I think we can truly move forward and provide the safety on the Internet that's needed."

But despite its high-profile backers, the plan won't put an end to ad-serving downloads that suck up system resources, critics say. Instead, it will give those applications a seal of approval.

"The problem is that Truste is, in effect, legitimizing adware," said Alex Eckelberry, the president of Sunbelt Software, maker of the CounterSpy anti-spyware tool. "Adware companies such as Claria and WhenU--assuming they get certified--will now have the ability to greatly increase their distribution network, under the cloak of certification."

The Trusted Download Program won't blacklist adware or spyware. Instead, it will give a seal of approval to software that adheres to certain rules. To be certified, makers of the software have to clearly communicate what their product does. The consumer then has to consent prior to download and again when installing the software.

Trust makers

For example, software that displays advertisements or tracks user behavior must disclose what type of ads will be displayed and what information will be tracked, according to the program's backers. The disclosure must also include which user settings may be altered, and must obtain consent for the download.

Furthermore, easy instructions to uninstall the software must be provided and displayed ads must be labeled with the name of the ad-serving software.

180Solutions and Direct Revenue, which make software that serves up ads, were quick to announce Wednesday that they would seek the Trusted Download Program approval. If they are successful, the companies hope their products will no longer be removed by anti-spyware software.

"These criteria represent legitimate best practices and are backed by some of the biggest consumer-facing software companies in the world. We urge anti-spyware companies to use this certification to better distinguish between legitimate downloadable software and nefarious programs," Keith Smith, chief executive of 180Solutions, said in a statement.

The software industry has been trying for some time to draw a line between spyware and adware, terms used to describe software that tracks people's online activity and sometimes delivers ads to screens. Both are widely disliked for their surreptitious distribution tactics, unauthorized data gathering, consumption of computer processing power and other annoying features.

Although adware makers say there are legitimate uses for their programs, an entire anti-spyware market has been spawned to combat the often unwanted downloads. Microsoft, for example, is building spyware protection into Vista, the next version of its dominant Windows operating system.

Truste head Maier said that companies such as 180Solutions, which has been working to clean up its reputation as an adware pusher, might be successful in a bid. "Ultimately we may certify some of the names that have been tarnished, but not without many of them making significant changes first," Maier said.

Protecting consumers is one goal of the Trusted Download Program. The other is to protect online advertisers who may not want their promotions served up by adware, the program's backers said. "This will kill your brand faster than anything," said Margo Hammar, the chief privacy officer at communications giant Verizon.

The adware flow

AOL and Yahoo, which both advertise online, said they will do business with companies that have the Trusted Download Program certification and shun others, representatives for the Web companies said. Right now, AOL doesn't advertise via adware at all, a representative for the Time Warner subsidiary said.

Stopping the flow of money to the purveyors of adware is good, said Ben Edelman, a Harvard Law School student and spyware researcher. "Advertisers need to find ways to stop funding spyware," he said. Cutting off revenue might help reduce distribution channels for adware and spyware, so consumers may see less of it, he said.

However, Edelman is still worried about the Trusted Download Program. "I don't accept the notion that there is...'good' or 'good enough' adware," he said. "I have yet to see an adware program that offers users a reasonable value proposition."

Edelman also criticizes Truste, which he said has in the past given its Web site privacy seal to Direct Revenue and other adware peddlers.

Meanwhile, makers of anti-spyware software disagree on the value of the Trusted Download Program. Computer Associates, one of the sponsors, will use the program's whitelist of applications in its evaluation of what its PestPatrol anti-spyware tool should detect, said Tori Case, director of eTrust Security Management at CA.

Aluria Software, provided by Internet service provider EarthLink to its customers, won't use the list of certified applications.

"Having a whitelist is potentially dangerous. These products could change easily, and I could not imagine us using a whitelist," said Richard Kohn, the vice president of engineering at Aluria.

Sunbelt Software also won't use the list of approved adware for its CounterSpy product. "We will never use the whitelist. Apart from the fact that it's against our philosophy of listing criteria and methodology, our enterprise customers would never accept it," said company president Eckelberry.

As for unwanted software going away, tough chance, Kohn said. "It won't be the end of unwanted software. Just by the nature that the bad guys are propagating their stuff. The bad guys won't go away," he said.