Monday, we got a cease-and-desist letter from some adware vendor, accusing us of defamation or some such nonsense.
Well, we get these kinds of notices all the time, albeit not nearly as threatening as this one. They are actually quite interesting.
We get emails like “you jerks, you’re listing my product as adware, which is totally legitimate, bla bla bla”. We have a very specific protocol and criteria that we follow when we get these things, and we also have very good attorneys 😉
But it begs the question, what is adware, anyway? And what is spyware?
It’s pretty simple to me: It’s technology that either spies on you, puts ads onto your system, or both.
More realistically, it’s usually that crap on your machine that bloats it, reduces the speed to a 1995-era Windows 95 box, and causes crashes. It usually tracks your surfing habits and pops up “relevant” ads.
There’s also real spyware, like keyloggers, which your Significant Other might have installed to track your habits online… or a Russian hacker put on your system to steal your passwords or credit card numbers.
(Note: Cookies are relatively harmless, but many users like to know about them, so we look for cookies as well in our spyware program.)
But adware is the prevalent problem. Their history is something like this: Back in the 90s, some company came up with an advertising supported model to help shareware authors make money on all those people who used their products without paying any money. I was offered this type of opportunity when I was at another company, and just balked. You want to put a friggin banner ad in my program? Get a life.
There is legitimacy to the advertising model. Sure, you might want some program that gives you updates on weather or the latest movies, or whatever. And these people have a business to run. So you get, in exchange for ads popping up on your system, a “free” program.
Part of the problem is, most users don’t understand the impact these types of applications may have on their systems, in terms of performance and stability.
And some of the stuff out there is disturbing to some in terms of privacy. While I’m not some privacy nut, I don’t think people understand that some of these adware programs are actually tracking their habits. For example, when they go to an online bookstore and then go to another, the adware might serve a “relevant” ad (such as an ad to go to an entirely different bookstore). That’s uncomfortable for some people.
And why do users have this type of program running on their system in the first place? They may have gotten it through a P2P file sharing program, or from some sneaky “Click Now” box they got while surfing. But non-adware programs can all be found online. You don’t need a search bar telling you where to go. Use Google. You don’t need a program giving you movie times. Go to movies.com. Etcetera.
(By the way, if you want an example of how this type of stuff works, check out Claria’s Quick Tour flash presentation they use to sell to advertisers. It’s enlightening.).
But finally, a fair amount of this stuff is just crap. There’s a lot of poorly written software that really does turn your computer into a sad pile of dung.
So any expert who is diagnosing a system and sees an “innocuous” adware program is going to remove it immediately.
Our philosophy is simple: People need to know about software that is potentially an issue on their system. Sometimes, we just tell them about it, and leave the default option to “Ignore” (useful for things like remote control software that a user may not know is on their system). But we TELL them about it. And then we give them an opportunity to get it off their system.
This whole issue of “what is spyware, what is adware” was recently highlighted by Lavasoft and PestPatrol delisting WhenU.
WhenU, which makes adware like WeatherCast, ClockSync and WhenUSearch, is a company that is trying very hard to be legitimate. And to their credit, they have been making strides.
However, it’s still adware. It’s still software that turns your PC into an advertising vehicle for others. It’s no longer your machine, it’s the advertisers.
Is that bad? Is that wrong? Not necessarily. But our position is clear: The user needs to know that this stuff is on their system.
You get grandma calling you up and saying “my system just isn’t as fast as it was before, and it has all these ads”. What’s your first reaction? You tell her to run an antispyware program. At that point, she can make the decision as to whether or not to remove this stuff. An antispyware program can provide information to help the user make an informed decision, but at the end of the day, the USER is given the choice. They have a right to know what is on their system. It is, after all, THEIRS.
In the WhenU situation, Lavasoft, probably in an attempt to avoid the chimera of legal action, came up with a rating system, called Threat Assessment Chart (TAC). This is a point system which apparently allows them to “objectively” determine whether or not something is spyware.
Now, Lavasoft is a company that is absolutely reputable in this space. What happened is that they are allowing an objective criteria to get in the way of something that is both objective and subjective. You must have some method of determining something is spyware beyond a simple scoring system.
And a lot of that subjective criteria is “Would I like to know this is on my system?”.