Adware and Spyware on Corporate Networks

Something wicked this way comes. Spyware and adware companies are going on serious legal offensives (having had several legal threats against my own company as of late) as they try to clear their names from the being labeled as spyware and adware. I think it is too little too late at least in the corporate arena.

Now the FTC is really stepping up their information gathering. I have received several requests from them for more hard data on spyware and adware. I don’t know what their plan of action is, but something is brewing along the federal front.

The sad thing is that in terms of Adware I think it was a good concept at one time. However it became warped and it is now more aggressive than ever. But not all adware is bad…

For example I don’t think having contextual ads in my Gmail service is a problem. I like the service, I like the contextual ads and they do not usurp my browsing or e-mail reading service. The same for Copernic or Opera where the ads sit inside the application.

Nor do I think Amazon showing related book ads on their Alexa toolbar is a problem either despite potential security flaws.

In reality I don’t even mind pop-ups generated by adware companies as LONG AS THE POP-UP is CLEARLY LABELED as to where it is coming from and how the application was installed. To their credit Claria and WhenU already do this. I know if the pop-up is clearly labeled from the adware application I can easily remove it if I so choose. Most adware companies do not apply labels to their pop-up ads so as far as the user is concerned it could be Google, Yahoo or even Revenews throwing up these advertisements. So three easy steps could help solve this problem

A) Easy to read and understand EULA that explains in plain language what the software will do. Google does a great job of this.

B) Clearly labeling the pop-up advertisement so the user knows what application is generating the ads. Claria and WhenU do this as far as I can tell.

c) Clear and easy removal instructions if the user tires of the application. This means easy to use the Windows remove feature and possibly entry in the task bar or the program itself.

Perhaps that’s the real problem with these software applications, if they are so damned useful why all the subterfuge? Why the variants? Why the polymorphic tactics? Why do they evade detection and make it difficult for users to remove the application? Some even go as far as to disrupt the LSP stack and therefore the user’s Internet connection upon forced removal.

I’ll tell you why- users can get better applications at low cost or for free.

Furthermore systems administrators do not want these applications on their networks. Case in point- we have a client with over 20,000+ machines on their network using our corporate solution. They don’t want ANY adware or ANY application on their network that they have not blessed including benign toolbars. Call it adware, call it loyaltyware, call it spyware- you can call it funware- they don’t want it because in aggregate it tears apart their resources.

Even if the application is useful they feel it eats up network bandwidth and buggy applications soak up valuable IT resources. They don’t want cute smileys in their e-mail, they don’t want employees shopping on company time and they really don’t want employees sucking down the latest ripped MP3s from some P2P service.

Another case in point. A certain Secret Service contacted me some time ago because they wanted to block the installation of all chat applications on their machines. As far as they were concerned chat applications, with or without adware, were security threats. So in the network environment adware and spyware are just the tip of the iceberg- there are many legitimate applications that adminitrators do not want on their netowrk.

The corporate network environment is far different than the home environment and the feedback I am getting from IT managers is simple- “We don’t wany spyware, adware or any application that we haven’t approved on our network”. Adware makers might take this cue and develop software that is really useful, so useful that people want to pay for it

As for marketers the lesson is simple- remember this is where your message and hence your brand is going to be seen.

About Wayne Porter

Wayne Porter is one of the original founders of ReveNews.com, and served as the CEO and founder of XBlock Systems a specialized research firm on greynets and malware research before being acquired by unified communications security leader, Factime Security Labs. His work includes serving as a panlist at the Federal Trade Commission to shape legislation on software and the creation of two patent-pending technologies for corporate networks. Wayne is a frequent speaker at e-commerce & business events including CJU, ASW and RSA and frequently cited in the press. He has been designated a Microsoft Security MVP three times and is recognized on Google’s Responsible Security Disclosure page- in addition to receiving the first Summit Legend Award. Wayne currently works as a Security Consultant on Social Media and operates a consultancy on digital worlds. His hobbies include reading science fiction, playing chess, fishing, writing, collecting shiny digital gadgets, playing racquetball and studying memetic engineering. He maintains a personal weblog at WaynePorter.com detailing his explorations in security, web 2.0, and virtual worlds.
You can follow Wayne on Twitter: @wporter.

Website: http://www.wayneporter.com