3/24 update here
180 Solutions has been trying to become legitimate (see, for example, Wayne Cunningham’s post on his blog). Their joining COAST (the antispyware consortium) was the primary reason COAST recently fell apart.
As a result of 180 Solutions contacting us, we followed up with our usual extensive analysis of their practices. However, during the analysis we discovered some other things. We have written a whitepaper that details the issues we found here.
The whitepaper will be released in a formal fashion over the next several days, but I thought I would give a bit of advance notice on the blog.
The evidence is not in 180’s favor.
There’s a lot in this writeup, but as Suzi at SpywareWarrior pointed out, the areas that are probably most interesting to people are on pages 9-10 and and 18-26.
Here’s the quick and dirty:
As part of 180’s COAST certification, 180 agreed to a “CBC Force Prompt”. This feature is designed to alert users to the installation of 180’s software.
This prompt is shown when a certain registry key is set to “0”. If it’s set to “1”, there is no prompt.
This is a serious weakness in the 180 installer. It is trivially easy for a rogue affiliate to simply set the value to 1, and the 180 install sails through, with the end-user none the wiser.
However, it appears that 180solutions is itself electing to bypass the “CBC Force prompt” in order to avoid alerting users to the installation of 180’s software, and the implications of this are serious.
Sunbelt observed several installations of older versions of the 180search Assistant in which that software was updated to the latest version. After older versions of the 180search Assistant were “stealth-installed” via a Windows Media Player file and via a Java applet at lyricsdomain.com, that software called out to 180’s servers, and downloaded and installed the latest, COAST-certified version of the 180search Assistant.
This behavior is especially disturbing because many of the installations that 180solutions is silently updating through this method are the possible products of “force-installs” of 180’s software of users’ PCs, where those users received no notice or warning whatsoever of the 180search Assistant.
Instead of alerting users to the presence of 180’s software on their systems, 180 is updating those older software installations and versions to the latest 180search Assistant, allowing 180 to continue deriving economic benefit from those installations, entirely contrary to its publicly stated intention to clean up its distribution channels.