CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Yahoo's IM update: A Trojan horse of surprises

Company stops prompting customers to update the software until it can ensure fix for bug works. Video: Watch this before installing update

Yahoo said late Friday that it has fixed a bug in its newest version of Yahoo Messenger that changed a user's mail preferences without his or her consent.

But the company has stopped prompting customers to update the software until it can sufficiently test that the fix works, said Yahoo spokeswoman Terrell Karlsten.

"We're testing the fix until we can get it behaving the way we want it to behave," she said.

Yahoo Messenger 8.1, when it was released Friday, automatically installed a Yahoo Mail icon in a user's system tray and changed the user's default mail settings to Yahoo Mail, said Karlsten.

Yahoo had alerted 73 million users worldwide (or all those using its IM service before November 2) to download the latest software version, which includes free or low-cost PC-to-PC calls among its chat features.

The company said the update increases stability and reliability, and improves security. The previous software contains a security flaw that could cause other applications like Microsoft's IE to crash, or prompt users to be involuntarily logged out, Karlsten said. The new version, she said, fixes that issue and bundles in new features like interoperability with Windows Live Messenger.

"The reason why we do a package, bundle everything together, is so people can get the latest version with the security updates and the great new features," Karlsten said.

How to update the feature while avoiding unwanted changes to your Internet browser.

By default, the software also inserts the Yahoo Toolbar into the user's Web browser and changes the user's personalized home page and search settings to In the original download alert, people could choose to customize the installation under "options" and then uncheck these default settings. What users couldn't change, however, was that the software was adding a Yahoo Mail icon to the system tray and changed their default mail settings to Yahoo Mail.

Yahoo's Karlsten had said the engineering team was not aware of the Yahoo Mail issue and was actively working on a fix. But she said that the problem affected only a subset of existing users. She added that the company realizes everyone might not want all of the features it offers and that's why users can customize their installation. "We have really made sure we've given people choice," she said.

"The basic principle is do not change users' preferences from under them, or not through deceptive dialog boxes because a lot of people click through, like 'yeah, yeah, yeah,' without reading them."
--Jacob Nielsen, user design expert

Finally, for some people running Microsoft's Internet Explorer 6.0, Yahoo's changes will crash the browser application.

Karlsen said that Messenger should be compatible with IE 7 and earlier versions, but the company is investigating.

The company also added language to its terms of service related to a new auto-updater practice. In the default setting, Yahoo will automatically download software to the client's PC whenever it has an update, and then alert the user when to install the software.

Jacob Nielsen, an expert on user design and principal of Nielsen Norman Group, said that Yahoo is not alone in its default changes, but the strategy runs contrary to what he calls software ethics.

"The basic principle is do not change users' preferences from under them, or not through deceptive dialog boxes because a lot of people click through, like 'yeah, yeah, yeah,' without reading them," said Nielsen, author of Prioritizing Web Usability."

"You don't want to make any changes unless they ask for it," he added.

Through research he's found that the average person on the Internet is clueless as to how to fix the changes that software bundles--like Yahoo's--typically make to their PC. Only people who are tech-savvy or work in the industry understand the concept of maintaining preferences that they can change, he said.

What's more problematic, he said, is that problems or collective clutter resulting from software bundles can serve to confuse the general public and cause consumers to be afraid of downloading anything.

"To the average user, they think, 'My computer used to work and now it doesn't and I don't know why.'

"All these small violations pollute the interface and degrade the ability of all the service providers to make updates, especially when they step over the line," Nielsen said.

At least one longtime user of Yahoo Messenger won't download the new version because she expects problems.

"I don't plan to download the latest YIM because the last one took over so many things without telling me beforehand that it took days to get it all untangled," said Erica Schroeder, a tech executive in the San Francisco Bay Area. "I was so mad I almost dumped the application off my system entirely. Yahoo should know better."