Does Downgrading Spyware Threat Upgrade the Risk?

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
In yet another triumph of semantics over substance, Claria Corp.(formerly known as Gator), announced late last month that computersecurity software maker McAfee Inc. had rescinded its January 2005declaration that Claria's stealthily installed pop-up ad generatingsoftware was a ''malicious threat''.

This development is another sign that the spyware and adwaremanufacturers are gaining ground in their effort to rehabilitate theirimage as purveyors of some of the world's most hated software. But theprivacy and security threats posed by surreptitiously installedmonitoring software remain, despite the linguistic gymnastics and pretzellogic that has made McAfee's experts go squishy in this case.

To understand how an organization like McAfee could downgrade the threatposed by Claria's software, I find it helpful to describe a scene fromthe original Star Wars movie, in which Jedi Master Obi-Wan Kenobi usesthe power of The Force to temporarily brainwash a pair of Imperial StormTroopers.

In the famous scene, the evil Storm Troopers are searching for beloveddroids R2D2 and C3PO. As the Troopers approach Luke Skywalker, Obi-Wan,and the droids, the old Jedi Master quietly taps into The Force:

Obi-Wan: (under his breath) ''These are not the droids you'relooking for.''
Trooper: (dazed, turns to his companion) ''These are not thedroids we're looking for.''
Obi-Wan: ''He can go about his business.''
Trooper: ''He can go about his business.''
Obi-Wan: ''Move along.''
Trooper: (impatiently) ''Move along! Move along!''

It's just this kind of process that the lobbying and public relationsstaff of Claria, and other manufacturers of spyware and adware, have beenemploying in many venues. In the case of McAfee, Claria's representativesappear to have gotten McAfee's experts to repeat the language of Claria'soft-ignored license agreement and privacy policy, hoping they fail tonotice the clandestine installation of unwanted software under people'snoses.

The reason why McAfee's software had listed Claria's pop-up generatingsoftware as malicious is no mystery -- almost no one ever asks to havesuch software installed on their computer, yet it somehow finds its wayon there. Working without the user's explicit knowledge or consent, itgenerates unwanted pop-up ads, hogs memory, and generally makes theday-to-day lives of its hapless victims more miserable.

Claria's executives continually insist that the installation of thefirm's products are always clearly disclosed, and that people are alwaysfully aware when, and why, the software is being installed. To bolsterthe defense, Claria's representatives and public relations flacks willdutifully point to page four of a 12-page End User License Agreement --those long screens of gobbledygook that nobody reads when they installsoftware -- in which the otherwise undetectable presence and functions ofthe software are disclosed.

Never mind, of course, the extensive evidence that tens of thousands,maybe even millions, of consumers haven't asked for Claria's software tobe installed on their computers. Never mind the extensive evidence ofmalicious ''drive-by'' downloading by Claria's paid distribution''affiliates''. And never mind the fact that, for many hapless users,Claria's software remains difficult to detect, identify, and remove.

So why did the security experts at McAfee change the company's position?

Jedi Mind Tricks aside, one reason could be that Claria threatenedanother lawsuit, such as the one it launched last year to censorcriticisms by anti-spyware manufacturer PC Pitstop.

Indeed, litigation is not new for Claria.

In 2004, I served as an expert witness in a consolidated set of lawsuitsbrought by a dozen major brand name companies against Claria. Theplaintiffs sought to prohibit Claria from generating pop-up ads thatobscured access to the plaintiffs' wWebsites. Claria managed to buy itsway out of most of those suits, leaving unresolved the fundamentalquestions of unfair trade practices, trademark abuse, and other issuesraised in the cases.

Unfortunately, much of my work in that case is still covered by acourt-imposed protective order, so I cannot write about all the juicydetails. Suffice it to say, I was not surprised that Claria's managementwent to great lengths to make those suits go away quickly and quietly.

But as a firm, Claria has taken a recent turn away from litigation thatsuggests a new-found preference for pumping sweetness and light, insteadof the usual brimstone and bull manure. Beginning with the hiring of myold acquaintance Reed Freeman as its chief privacy officer in April of2004, Claria has waged a masterful public relations campaign torehabilitate its reputation and recast itself as being sensitive toprivacy concerns.

Earned during the days in which the company was known as Gator, thecompany's reputation as a purveyor of sneakily installed adware wasqualitatively identical to the foul-smelling muck in which itsswamp-dwelling namesake preferred to remain submerged. In the last year,however, through the deft usage of political connections, and the liberaluse of cold, hard cash, Claria is on its way to being even more highlyregarded than MCI (nee Worldcom), Altria (nee Phillip Morris), and evenMary Mallon (nee Typhoid Mary).

As a measure of success, Claria's Reed Freeman was recently appointed tothe U.S. Department of Homeland Security's privacy advisory board,bringing his firm's experience in distributing and exploitingprivacy-destroying software to do... what exactly? To serve as an exampleof what Homeland Security should not be doing to protect citizens'privacy?

Claria is not the only company buying a squeegee to scrape the muck offits reputation. Others in the same line of business -- namely, thebusiness of causing ads to pop-up on people's computers whether they'rewanted or not -- have followed similar courses and are achieving successat insinuating themselves into the corporate and public policymainstream. Just recently, for example, spyware maker 180 Solutions,Inc., joined Claria as a high-level corporate sponsor of theInternational Association of Privacy Professionals, an organization thatwas once devoted to training corporate privacy executives how to bettermanage privacy-related risks.

The companies engaged in the spyware and adware business have earned awell-deserved negative perception in the minds of those consumers whoseInternet experience has been made more problematic by these companies'troublesome products. But through obfuscation, word games, andglad-handing, they will undoubtedly continue to have success in recastingtheir corporate images, or at least further clouding the issues.

By succumbing to Claria's mind tricks, now McAfee's software will becomepart of the rehabilitation process, through the cunning usage ofnamby-pamby language that will make it more difficult for McAfee users tounderstand the problems posed by Claria's pop-up ad generating software.

But all the public relations whitewashing cannot change the underlyingfacts: Spyware and surreptitious adware remain a scourge for manymillions of unsuspecting users. The purveyors of these insidious programscan play all the word games they want, but as long as they are in thebusiness of harassing users with unwanted intrusive software, theircampaign of disinformation will always be undermined by truth.