Microsoft Draws Criticism For Changing AntiSpyware Definitions

Microsoft quietly changed how its for-free AntiSpyware program handles a pervasive form of adware, a move that has drawn criticism because of recent reports that Microsoft is interested in buying adware-maker Claria.

Gregg Keizer, Contributor

July 8, 2005

3 Min Read
InformationWeek logo in a gray background | InformationWeek

Microsoft quietly changed how its for-free AntiSpyware program handles a pervasive form of adware, a move that has drawn criticism because of recent reports that Microsoft is interested in buying adware-maker Claria.

Eric L. Howes, who consults with Sunbelt Software and is on the faculty of the University of Illinois, stumbled on the change while testing four Claria applications: Dashbar, Gator, PrecisionTime, and Weatherscope. He traced the change back to early March, at which time Microsoft AntiSpyware detected the Claria programs, but modified its default recommendation to "Ignore." (Howes posted a screenshot of AntiSpyware in action on the Broadbandreports.com message area.)

Prior to that, AntiSpyware detected the four Claria titles, but used the default recommendation of "Quarantine," which effectively disabled the adware.

According to anti-spyware maker Webroot's research, Claria's adware is on an estimated 2.2 percent of all PCs, making it the second-biggest adware/spyware threat to PCs.

"If you ignore the conspiracy theory [that Microsoft did this because it's thinking of buying Claria], then the question becomes 'On what basis was this decision made?'" said Howes.

At the very least, he added, Microsoft should have taken the time to tell users why it changed the default setting. "If Microsoft made the change on good evidence, that seems potentially legitimate, but none of this was presented to the user."

However, like many anti-spyware vendors, Microsoft keeps its criteria close to its vest, and doesn't share its rationales with users or, of course, adware and spyware vendors.

A Microsoft spokesperson, who did not deny that the company changed the default from quarantine to ignore, declined repeated requests over a 24-hour period to offer further comment or clarification. A spokesman for Claria did not immediately respond to requests for comment for this article. (UPDATE: A few hours after the publication of this article, Microsoft issued an open letter to customers explaining its position.)

In late June, pieces in the Wall Street Journal and the New York Times quoted unnamed sources who said that Microsoft was in talks with Claria to buy the Redwood City, Calif.-based Internet marketing company. At that time, both Microsoft and Claria executives declined to comment on the rumors.

Noted spyware and adware activist and researcher, Ben Edelman, who confirmed AntiSpyware's new Claria recommendation, is much more critical of Microsoft. Nor does he think the chatter about an acquisition and the change to AntiSpyware are unconnected.

"It's true that we don't have all the facts that we would like to have to draw a good conclusion," said Edelman, "but an acquisition doesn't arise overnight." It's conceivable, he said, that talks between Microsoft and Claria preceded the March 1, 2005, change made by AntiSpyware.

Both Edelman and Howes noted that the timing of Microsoft AntiSpyware's Claria change closely matched when Computer Associates de-listed Claria's software from its Pest Patrol database. Two weeks later, CA relisted Claria, saying it had re-evaluated Claria's programs and decided they were adware.

CA removed Claria's adware from the Pest Patrol database on March 25, a bit more than three weeks after Microsoft changed AntiSpyware's recommendation.

"All Claria had to do to get de-listed from Pest Patrol was send a letter," said Edelman. "For that letter, they got a free pass for two weeks."

What's most troubling, both Howes and Edelman said, is that the whole back and forth between adware/spyware vendors and anti-spyware developers is done behind doors. "Removing adware from a [product's] database or changing how adware or spyware is detected is almost always done secretly," said Edelman.

About the Author

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights