[ISN] Symantec Takes Heat For Changing Adware Advice

InfoSec News isn at c4i.org
Mon Mar 6 05:31:30 EST 2006


By Gregg Keizer 
Mar 3, 2006

Symantec's out-of-court settlement with an adware maker is a loss for
users, an anti-spyware researcher said this week.

Friday, Feb. 24, the Cupertino, Calif. security company announced that
it had dismissed its lawsuit against browser and e-mail toolbar maker
Hotbar.com, Inc. Last June, Symantec filed a zero-dollar suit against
the New York company, saying then that it was seeking a legal ruling
that would affirm the position that Hotbar's programs "are indeed
adware and can be treated as computer security risks."

Under the new arrangement struck with Hotbar, Symantec has agreed to
dismiss the lawsuit but will still classify the company's software as

Symantec called it a victory.

"What we got out of this was peace from these guys," said Joy Cartun,
Symantec's senior director of legal affairs. "We didn't change our
detection, so in that way we won."

Hotbar, which had hounded Symantec with at least five litigation
threats in the first half of 2005, is now blocked from any further
action, said Cartun. "We get them to go away, but without having to
make a change in our detection of them [as adware]."

Hotbar's chief executive, however, was convinced that he had won.  
"Both sides now recognize that our application is disclosing its
behavior," said Oren Dobronsky. "We've gained that recognition, so
that when users scan for spyware, they don't get some kind of alert
and by default, then remove it."

Symantec acknowledged that although its security software will
continue to detect Hotbar's products as adware, it has changed the
recommendation it gives to customers. Previously, Symantec recommended
that users delete Hotbar; now, says Symantec, it's reclassified
Hotbar's toolbars as "low-risk" and recommends that users ignore the
software and let it be.

"We're telling users what it is, and assisting them to make a choice
[whether to keep or remove Hotbar]," argued Symantec's Cartun. She
also claimed that Symantec had been thinking of making the change long
before Hotbar started complaining.

"The change was driven not by Hotbar, but from what we learned what
our customers wanted. They wanted guidance," she said. "The change was
on a totally independent track [from the lawsuit]."

Noted anti-spyware researcher Ben Edelman isn't buying that. By
backing down on its recommendation from delete to ignore, said
Edelman, Symantec's not serving its customers.

"If I was an IT guy paying Symantec to defend my computers, I'd ask
'what are we paying them for, I still see Hotbar on a user's
computer,'" said Edelman. "Something's gone wrong at Symantec."

This isn't the first time that an anti-spyware maker has backed off
from a vendor. A year ago, Microsoft quietly changed the advice it
gave users on programs supplied by Claria, one of the largest adware
purveyors. The resulting storm in the press and by bloggers forced
Microsoft to issue an open letter to customers explaining why it made
the changes.

Symantec's move is more of the same, said Edelman.

"They just don't get it. Whether software gets consent from users to
install isn't the only thing they should be looking at." He questioned
whether users of Hotbar understood they would get pop-up, pop-under,
and auto-opening ads when they consented to the installation, and
criticized the company for targeting kids with come-ons to download
and install their toolbars.

"Children may be less able to assess the merits of an Hotbar offer,"  
Edelman wrote on his Web site in an analysis of Hotbar done last May.  
"[They're ] less able to determine whether Hotbar software is a good
value, less likely to realize the privacy and other consequences of
installing such software, less inclined to examine a lengthy license

Symantec and other security vendors claiming to sniff out adware and
spyware should take factors like those into account, Edelman told

"Unfortunately, this isn't the kind of analysis that comes naturally
to security experts," he said. "They're used to thinking of worms as
all bad, and they're not in a position to shift gears to more
subjective decisions."

Still, Edelman's hopeful, if not because of the Symantec dismissal,
then because of the general trend he sees shaping up.

"What's interesting is how much things have changed since last spring.  
Then, there were new letters going out to anti-spyware companies every
week. That's stopped as far as we know.

"Why? I think the legal merits have sunk in, and that adware makers
know they don't have a leg to stand on."

More information about the ISN mailing list