|
Critics decry spread of 'scumware' on the Web
By Ann Bednarz
In general terms, scumware is software that surreptitiously
changes the appearance of Web pages. It does so without the
permission of Webmasters or Web site content owners - an act
scumware makers justify by saying their software does not
alter HTML programming code used to build Web sites. Rather,
it affects what a visitor who has installed a scumware program
sees on his desktop while surfing the Web.
Critics say scumware is harmful on multiple fronts: Web site
operators can lose revenue; users might unwittingly sacrifice
their privacy; and corporations have to deal with security
vulnerabilities when their users download unauthorized applications.
Scumware usually is free, billed as a helpful utility to
manage passwords, deliver personalized content or block cookies.
But its makers' real intent is often to display ads that have
been provided by paying advertisers, or route its users to
the Web sites of sponsoring companies.
In practice, scumware does things like float pop-up ads over
Web content and advertisements, insert its own hyperlinks
into a user's view of a Web page, and reroute existing hyperlinks
to unauthorized sites. Imagine ads for "Company A"
popping up on the screen of a user perusing "Company
B's" site. Or the phrase "flight reservations"
hyperlinked to take a visitor from one airline's Web site
to the Web site of a rival.
Creators say it's lawful, effective, targeted advertising.
Web site owners argue that such uninvited links and ads hurt
their revenue opportunities, damage relationships with their
official advertisers and imply endorsements that don't exist.
Some Web site operators are fighting mad - notably several
publishers including The New York Times Co. and Dow Jones,
which this summer filed a lawsuit against software maker Gator
for allegedly violating copyrights and stealing revenue.
Gator makes software that manages passwords and fills out
forms for Web surfers. In exchange for the free management
software, users are fed pop-up ads. Gator used to make some
of those ads the same size as some Web site banner ads and
position them directly over authorized Web page ads - a practice
it stopped in November, the company says. Gator still serves
pop-up ads, but the size and positioning of those pop-ups
do not cause direct ad overlays.
While the publishers' lawsuit against Gator is pending, the
plaintiffs scored an early victory in July. A U.S. District
Court judge in Alexandria, Va., issued a preliminary injunction
against Gator that bars the company from delivering ads to
the plaintiffs' Web sites, at least temporarily.
Meanwhile, Gator defends its advertising practices, which
the company insists are not copyright infringement because
there is no copying or modifying of the plaintiffs' Web sites,
or any other material.
"Consumers have opted to receive free software in return
for occasionally receiving these advertisements," said
Gator CEO Jeff McFadden in a statement on the company's Web
site. "The 22 million PCs that comprise the Gator Advertising
and Information Network [GAIN] are owned and operated by 22
million consumers, not by a handful of Web site publishers.
What happens on these users' screens is the users' business
and choice, not the plaintiffs'."
Raising the ire of users
Legal or not, the methods of Gator and others continue to
raise the ire of many users.
One Network World reader wrote in response to a newsletter
on the subject that he finds products such as Gator to be
even more obnoxious than spam. He's glad to hear about the
lawsuit: "I am thankful that someone with a little muscle
is taking them to task," wrote the systems administrator.
Another reader wrote that he doesn't object to Gator's marketing
intent, just its installation tactics: "I have no problem
with marketing, I don't like the way Gator installs itself
without the knowledge of the user. I have had to remove it
from my PC numerous times even though I haven't ever purposely
installed it. I am an IT professional and am very aware of
what I click on when surfing the Web."
Critics take issue with many scumware providers' software
distribution tactics. Often the software is bundled with another
program. Though users authorize the download, it's not always
clear what they're getting.
For example, TopText is bundled with other software, including
the KaZaA peer-to-peer file-sharing software. TopText from
eZula is a browser plug-in that adds hyperlinks to a user's
Web view. Users can identify keywords that interest them;
in addition, sponsors can purchase keywords or phrases that
redirect TopText users if they click on them.
Gator declined to discuss its software-bundling partnerships.
But published reports say Gator software is bundled with Webshots,
a free screensaver program, and DivX Pro Video Bundle, a program
for creating and viewing videos in the DivX video format,
among other pairings.
On its Web site, Gator refutes the contention that users
are unaware they have installed Gator software: "All
authorized distribution of Gator Corporation software products
are 'permission-based' and require an active consumer action
before the software is downloaded and installed. In addition
all users receive multiple communications during the process.
. . "
Raises privacy issues
Ad etiquette aside, scumware raises security and privacy
issues for corporations when users download such applications
on company PCs. To perform ad-serving and Web-tracking functions,
scumware applications typically attempt to communicate with
servers outside the corporate firewall.
Jim Henderson says many users have downloaded Gator at his
employer, Washington Suburban Sanitary Commission (WSSC) of
Laurel, Md. Henderson, who is a network engineer at the public
water utility, says 200 to 300 of WSSC's 1,500 employees have
installed Gator. He speculates that Gator made its way into
WSSC users' systems by piggybacking on Webshots screensaver
software, which is popular with users at WSSC.
WSSC has policies restricting frivolous downloads, but they
are not enforced.
"We are not strictly enforcing people who download unauthorized
software, other than to remove it if it causes a problem,"
Henderson says.
And Gator has caused problems, he says. It sometimes causes
error messages when users launch their Internet Explorer browser;
uninstalling Gator stops the error, he says.
He's also heard from co-workers that Gator can cause Windows
NT machines to crash. When that happens, rebuilding a user's
system takes two to three hours, Henderson says.
Help available
To help companies with scumware blues, security vendors offer
programs to identify, cleanse or handicap applications that
don't belong on corporate networks.
Ad-aware from Lavasoft is a free removal utility that scans
memory, registry and hard drives for known spyware and scumware
components. Originally intended for personal use, a network-compatible
version is in the works, says Lavasoft spokesman Michael Wood.
Ad-aware 6 will let companies scan all their users' computers
and drives from a central location, rather than having to
install and maintain Ad-aware on each PC. The new version
is in early alpha testing now, and Lavasoft will begin beta
testing later this month.
Symantec this month started shipping desktop software that
combines antivirus, intrusion-detection and firewall protection.
Aimed at corporations, Client Security protects against attempts
by unauthorized applications to communicate over the Internet,
says Timo Kissel, senior director of program management at
Symantec.
Similarly, Zone Labs offers its Integrity line, which can
stop unauthorized applications that try to connect to the
Internet.
WSSC's Henderson says greater vigilance is warranted. "We
could do better in providing security-awareness training to
employees," he says. "Strictly enforce unauthorized
software downloads and restrict local admin rights being given
to users unless it is necessary."
This document is provided for informational
purposes only. The information contained represents the current
view of the author on issues discussed as of the date of publication.
Because TheManageMentor must respond to changes in market
conditions, it should not be interpreted to be a commitment
on the part of TheManageMentor or the content author. TheManageMentor
cannot guarantee the accuracy of any information presented
after the date of publication. The user assumes the entire
risk as to the accuracy and the use of this document.
Information Provided In This Document
Is Provided "As Is" Without Warranty Of Any Kind,
Either Express Or Implied, Including But Not Limited To The
Implied Warranties Of Merchantability, Fitness For A Particular
Purpose And Freedom From Infringement. This document may not
be copied or distributed. All trademarks acknowledged.
|
