Does Downgrading Spyware Threat Upgrade the Risk?

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
In yet another triumph of semantics over substance, Claria Corp. (formerly known as Gator), announced late last month that computer security software maker McAfee Inc. had rescinded its January 2005 declaration that Claria's stealthily installed pop-up ad generating software was a ''malicious threat''.

This development is another sign that the spyware and adware manufacturers are gaining ground in their effort to rehabilitate their image as purveyors of some of the world's most hated software. But the privacy and security threats posed by surreptitiously installed monitoring software remain, despite the linguistic gymnastics and pretzel logic that has made McAfee's experts go squishy in this case.

To understand how an organization like McAfee could downgrade the threat posed by Claria's software, I find it helpful to describe a scene from the original Star Wars movie, in which Jedi Master Obi-Wan Kenobi uses the power of The Force to temporarily brainwash a pair of Imperial Storm Troopers.

In the famous scene, the evil Storm Troopers are searching for beloved droids R2D2 and C3PO. As the Troopers approach Luke Skywalker, Obi-Wan, and the droids, the old Jedi Master quietly taps into The Force:

Obi-Wan: (under his breath) ''These are not the droids you're looking for.''
Trooper: (dazed, turns to his companion) ''These are not the droids we're looking for.''
Obi-Wan: ''He can go about his business.''
Trooper: ''He can go about his business.''
Obi-Wan: ''Move along.''
Trooper: (impatiently) ''Move along! Move along!''

It's just this kind of process that the lobbying and public relations staff of Claria, and other manufacturers of spyware and adware, have been employing in many venues. In the case of McAfee, Claria's representatives appear to have gotten McAfee's experts to repeat the language of Claria's oft-ignored license agreement and privacy policy, hoping they fail to notice the clandestine installation of unwanted software under people's noses.

The reason why McAfee's software had listed Claria's pop-up generating software as malicious is no mystery -- almost no one ever asks to have such software installed on their computer, yet it somehow finds its way on there. Working without the user's explicit knowledge or consent, it generates unwanted pop-up ads, hogs memory, and generally makes the day-to-day lives of its hapless victims more miserable.

Claria's executives continually insist that the installation of the firm's products are always clearly disclosed, and that people are always fully aware when, and why, the software is being installed. To bolster the defense, Claria's representatives and public relations flacks will dutifully point to page four of a 12-page End User License Agreement -- those long screens of gobbledygook that nobody reads when they install software -- in which the otherwise undetectable presence and functions of the software are disclosed.

Never mind, of course, the extensive evidence that tens of thousands, maybe even millions, of consumers haven't asked for Claria's software to be installed on their computers. Never mind the extensive evidence of malicious ''drive-by'' downloading by Claria's paid distribution ''affiliates''. And never mind the fact that, for many hapless users, Claria's software remains difficult to detect, identify, and remove.

So why did the security experts at McAfee change the company's position?

Jedi Mind Tricks aside, one reason could be that Claria threatened another lawsuit, such as the one it launched last year to censor criticisms by anti-spyware manufacturer PC Pitstop.

Indeed, litigation is not new for Claria.

In 2004, I served as an expert witness in a consolidated set of lawsuits brought by a dozen major brand name companies against Claria. The plaintiffs sought to prohibit Claria from generating pop-up ads that obscured access to the plaintiffs' wWebsites. Claria managed to buy its way out of most of those suits, leaving unresolved the fundamental questions of unfair trade practices, trademark abuse, and other issues raised in the cases.

Unfortunately, much of my work in that case is still covered by a court-imposed protective order, so I cannot write about all the juicy details. Suffice it to say, I was not surprised that Claria's management went to great lengths to make those suits go away quickly and quietly.

But as a firm, Claria has taken a recent turn away from litigation that suggests a new-found preference for pumping sweetness and light, instead of the usual brimstone and bull manure. Beginning with the hiring of my old acquaintance Reed Freeman as its chief privacy officer in April of 2004, Claria has waged a masterful public relations campaign to rehabilitate its reputation and recast itself as being sensitive to privacy concerns.

Earned during the days in which the company was known as Gator, the company's reputation as a purveyor of sneakily installed adware was qualitatively identical to the foul-smelling muck in which its swamp-dwelling namesake preferred to remain submerged. In the last year, however, through the deft usage of political connections, and the liberal use of cold, hard cash, Claria is on its way to being even more highly regarded than MCI (nee Worldcom), Altria (nee Phillip Morris), and even Mary Mallon (nee Typhoid Mary).

As a measure of success, Claria's Reed Freeman was recently appointed to the U.S. Department of Homeland Security's privacy advisory board, bringing his firm's experience in distributing and exploiting privacy-destroying software to do... what exactly? To serve as an example of what Homeland Security should not be doing to protect citizens' privacy?

Claria is not the only company buying a squeegee to scrape the muck off its reputation. Others in the same line of business -- namely, the business of causing ads to pop-up on people's computers whether they're wanted or not -- have followed similar courses and are achieving success at insinuating themselves into the corporate and public policy mainstream. Just recently, for example, spyware maker 180 Solutions, Inc., joined Claria as a high-level corporate sponsor of the International Association of Privacy Professionals, an organization that was once devoted to training corporate privacy executives how to better manage privacy-related risks.

The companies engaged in the spyware and adware business have earned a well-deserved negative perception in the minds of those consumers whose Internet experience has been made more problematic by these companies' troublesome products. But through obfuscation, word games, and glad-handing, they will undoubtedly continue to have success in recasting their corporate images, or at least further clouding the issues.

By succumbing to Claria's mind tricks, now McAfee's software will become part of the rehabilitation process, through the cunning usage of namby-pamby language that will make it more difficult for McAfee users to understand the problems posed by Claria's pop-up ad generating software.

But all the public relations whitewashing cannot change the underlying facts: Spyware and surreptitious adware remain a scourge for many millions of unsuspecting users. The purveyors of these insidious programs can play all the word games they want, but as long as they are in the business of harassing users with unwanted intrusive software, their campaign of disinformation will always be undermined by truth.


Loading Comments...