Category: Uncategorized

I have received some requests for the text of the letter we sent to iDownload (PDF).

Admittedly, this is a strange title for an antispyware blog, but there’s good reason for it. In order to understand the “enemy”, you have to understand the mind of the enemy (and pardon me for using such a harsh term as enemy, but many users feel that’s a perfect term to describe adware on their systems).

Adware “works” for two groups alone: Adware developers and advertisers.

It’s enormously profitable. In fact, it’s probably a much more profitable business to be in than making antispyware tools such as Counterspy.

(Veteran spyware warriors won’t find anything new in this blog, but many people relatively new to the spyware business will be surprised at these statistics.)

Take a look at Claria’s SEC Form S-1. Claria, formerly Gator, filed this form to go public but later withdrew their IPO in August 04 “in light of current market conditions”.

Perhaps it’s the finance wonk in me that is interested in these numbers, but check this out:

In 2000, they had $3.8 million in sales. Just three years later, they had $90 million in sales, with $26 million in operating income, 28% of sales. In the software business, you’re happy if you get to between 10 and 20% operating income.

In short, a great business. And investors know it. Take a look at this list of investors for adware companies. These are not shady investors. In fact, many are the blueblood of the investment community.

Next in funding adware are the advertisers themselves. One would think that adware vendors typically get their advertising support from peddlers of gray-market viagra and the like. However, that’s not always the case. Take a look at some of this advertiser data. There are big name brand operations using it.

Why? You can’t sell advertising if there’s no ROI. And adware has delivered a revolution to advertisers, because now you can do something that is a marketer’s dream: TARGETING.

It’s pretty obvious that good ads go to waste when placed in front of the eyeballs of the wrong demographic. Adware allows advertisers to specifically target people based on their online behavior. Someone who buys lots of books online may get an ad for a bookstore, and so on. I’ve mentioned this before, but it’s worth taking a minute to review Claria’s flash tour of how their system works.

So targeting/relevannt advertising and just the plain ability to get lots of ads out ot lots of people is why adware works.

Alex Eckelberry
President

There’s a furor on the ‘net about iDownload having sent out cease and desist letters to pretty much most of the known universe.

We got a letter, and we sent a response. It’s 16 pages, with detailed documentation about iDownload’s practices. I’m not sure about posting a link yet, but may if people want to see the letter.

Alex Eckelberry
President

Talk about the fox being in the hen house.

Monday, we got a cease-and-desist letter from some adware vendor, accusing us of defamation or some such nonsense.

Well, we get these kinds of notices all the time, albeit not nearly as threatening as this one. They are actually quite interesting.

We get emails like “you jerks, you’re listing my product as adware, which is totally legitimate, bla bla bla”. We have a very specific protocol and criteria that we follow when we get these things, and we also have very good attorneys 😉

But it begs the question, what is adware, anyway? And what is spyware?

It’s pretty simple to me: It’s technology that either spies on you, puts ads onto your system, or both.

More realistically, it’s usually that crap on your machine that bloats it, reduces the speed to a 1995-era Windows 95 box, and causes crashes. It usually tracks your surfing habits and pops up “relevant” ads.

There’s also real spyware, like keyloggers, which your Significant Other might have installed to track your habits online… or a Russian hacker put on your system to steal your passwords or credit card numbers.

(Note: Cookies are relatively harmless, but many users like to know about them, so we look for cookies as well in our spyware program.)

But adware is the prevalent problem. Their history is something like this: Back in the 90s, some company came up with an advertising supported model to help shareware authors make money on all those people who used their products without paying any money. I was offered this type of opportunity when I was at another company, and just balked. You want to put a friggin banner ad in my program? Get a life.

There is legitimacy to the advertising model. Sure, you might want some program that gives you updates on weather or the latest movies, or whatever. And these people have a business to run. So you get, in exchange for ads popping up on your system, a “free” program.

Part of the problem is, most users don’t understand the impact these types of applications may have on their systems, in terms of performance and stability.

And some of the stuff out there is disturbing to some in terms of privacy. While I’m not some privacy nut, I don’t think people understand that some of these adware programs are actually tracking their habits. For example, when they go to an online bookstore and then go to another, the adware might serve a “relevant” ad (such as an ad to go to an entirely different bookstore). That’s uncomfortable for some people.

And why do users have this type of program running on their system in the first place? They may have gotten it through a P2P file sharing program, or from some sneaky “Click Now” box they got while surfing. But non-adware programs can all be found online. You don’t need a search bar telling you where to go. Use Google. You don’t need a program giving you movie times. Go to movies.com. Etcetera.

(By the way, if you want an example of how this type of stuff works, check out Claria’s Quick Tour flash presentation they use to sell to advertisers. It’s enlightening.).

But finally, a fair amount of this stuff is just crap. There’s a lot of poorly written software that really does turn your computer into a sad pile of dung.

So any expert who is diagnosing a system and sees an “innocuous” adware program is going to remove it immediately.

Our philosophy is simple: People need to know about software that is potentially an issue on their system. Sometimes, we just tell them about it, and leave the default option to “Ignore” (useful for things like remote control software that a user may not know is on their system). But we TELL them about it. And then we give them an opportunity to get it off their system.

This whole issue of “what is spyware, what is adware” was recently highlighted by Lavasoft and PestPatrol delisting WhenU.

WhenU, which makes adware like WeatherCast, ClockSync and WhenUSearch, is a company that is trying very hard to be legitimate. And to their credit, they have been making strides.

However, it’s still adware. It’s still software that turns your PC into an advertising vehicle for others. It’s no longer your machine, it’s the advertisers.

Is that bad? Is that wrong? Not necessarily. But our position is clear: The user needs to know that this stuff is on their system.

You get grandma calling you up and saying “my system just isn’t as fast as it was before, and it has all these ads”. What’s your first reaction? You tell her to run an antispyware program. At that point, she can make the decision as to whether or not to remove this stuff. An antispyware program can provide information to help the user make an informed decision, but at the end of the day, the USER is given the choice. They have a right to know what is on their system. It is, after all, THEIRS.

In the WhenU situation, Lavasoft, probably in an attempt to avoid the chimera of legal action, came up with a rating system, called Threat Assessment Chart (TAC). This is a point system which apparently allows them to “objectively” determine whether or not something is spyware.

Now, Lavasoft is a company that is absolutely reputable in this space. What happened is that they are allowing an objective criteria to get in the way of something that is both objective and subjective. You must have some method of determining something is spyware beyond a simple scoring system.

And a lot of that subjective criteria is “Would I like to know this is on my system?”.

More later.

Alex Eckelberry
President

Next quarter, we will be releasing a new version of iHateSpam Server, which is currently code named “Ninja” (these are the types of codenames you get when you have sys admins working on products). It will be in two parts—an antispam version (which will be free for iHateSpam users under maintenance) and a full version with AV.

Now, Ninja reflects a lot of current thinking in the business: A) you shouldn’t trust all of your security needs to one vendor and c) that you need a layered security model in protecting your infrastructure.

If anything, you want a security framework that allows other stuff to be plugged in.

This is relevant given Microsoft’s recent decision buy Sybari Software , a smart move on their part. Sybari’s Antigen is a really nice product (we use it ourselves) and epitomizes this type of “framework” thinking. When you buy Antigen, you get a several engines for free in the product, and I believe you get the option of buying additional engines. So you aren’t tied into one antivirus platform, like Trend or Symantec. And you have a layered security model built into it, with the multiple engines. Then you can buy the Spam Manager which integrates with Antigen.

The result is powerful. Putting Antigen into a corporate network has the pleasing result that you really don’t get viruses (with some basic management on our part, we haven’t gotten one virus through email since we put in Antigen approximately 3 years ago).

So Microsoft gets to say “Hey, we’re not killing the industry, we are just offering a platform, which includes engines from our lovin’ partners like Sophos and CA”. They will, of course, include the GeCAD engine they bought or maybe provide it as an purchasable option. So they get to look like the Switzerland of the business.

This move was very sly on their part.

However, Antigen is, by industry standards, a wee bit long in the tooth. There’s a lot they could be doing, which they aren’t. And without spilling the beans, Ninja is the next evolution of thinking in message security. We basically took a blank page and created a new model for a messaging framework. The result is fairly spectacular.

Ninja is a framework type model like Sybari’s. It will include a couple of free antivirus products as well as antispam technology. Future versions will include content inspection, etc. However, it reflects a whole new breed of thinking in message security.

Standby for more. We’re excited about this release.

Alex Eckelberry
President

Recently we replaced the spam engine in iHateSpam Server with a new engine from Cloudmark. This is a marked improvement — extraordinary increases in speed and accuracy. The vast majority of customers are extremely pleased with this move.

But it does bring to light one of the interesting side notes on the spam frontier. After I announced the deal, we got approached by other antispam companies wanting us to look at licensing their code. To me, this only reinforced the viewpoint that the antispam business is largely becoming commoditized; engines are a dime-a-dozen, you can pick and choose what you want, and slip it in.

But this is sloppy thinking. The problem is there are disparities in antispam engines. No engines are getting 100% of the spam coming, with zero false positives. There are engines that are highly accurate, getting lots of spam but almost no false positives. Then there are fuzzier engines, which get lots of spam but have an increased amount of false positives. In other words, there’s room for innovation.

There’s also the pressing need for a change in the protocols. SMTP just doesn’t cut it. It’s spoofable and flexible for spammers. The only hope we have of a total antispam solution is to go toward a new mail architecture–a secular change in the platform.

More another time.

Alex Eckelberry
President

On Tuesday at the RSA Conference, Bill G. announced that their antispyware product would be free. However, he did say that the enterprise version would cost money.

I would expect that this new product would be available in the summer/fall, possibly included in the new IE 7. It is unknown at this point whether or not this new product will support platforms other than 2000 and XP (which is what the current beta of MS Antispyware supports).

IMHO, it is doubtful that Microsoft’s free product will be able to get all the spyware. It will also be the target of hackers (as we’ve recently seen ). Furthermore, MS will be faced with the same legal threats from adware vendors that all of us in the spyware business have been faced with. That may very well force them to take out certain programs from the removal database that should, in fact, be considered adware/spyware.

This still leaves plenty of room for legitimate companies like Sunbelt to compete. Unlike defragmentation and memory management (two areas where Microsoft has included free products to the detriment of the commercial providers), spyware is not (at least currently) a one-horse game. You need multiple technologies to kill spyware. And I doubt that the MS engine will be capable of getting ALL the spyware. The spyware business has been around for three years, and still, no one product (including ours) can promise 100% detection.

Our course is to continue to improve CounterSpy, to build a world-class product that detects a vast amount of spyware. We get the definitions from Microsoft and then add our own.

On the enterprise side, we are building a solid enterprise antispyware business. But ultimately, CounterSpy and CounterSpy Enterprise will evolve into full threat management products, including antivirus and firewall components (perhaps as a whole new products).

Alex Eckelberry
President