Did Anti-Spyware Vendors Cave In To Pressure From Spyware Authors?

Computer Associates and the vendor that makes the anti-spyware package Ad-Aware are coming under fire from anti-spyware advocates, who say the vendors have quietly, and wrongly, delisted WhenU from their database of spyware.
Computer Associates and the vendor that makes the anti-spyware package Ad-Aware are coming under fire from anti-spyware advocates, who say the vendors have quietly, and wrongly, delisted WhenU from their database of spyware.

"People are really, really angry. They feel like they've been stabbed in the back, because Lavasoft [the company that makes Ad-Aware] slipped this significant change in and didn't tell them," said anti-spyware advocate Eric Howes, a regular contributor to Spyware Warrior.

CA says it did inform users that it was removing WhenU software from its spyware database, on a page on the site on which it lists updates to the program. But Howes says if that's true, he was unable to find the page after extensive searching on the site.

CA says the removal is temporary, done because WhenU appealed its inclusion in the CA database. CA is reviewing hte software. When CA makes its decision on the appeal, the WhenU software will either be removed permanently, or re-instated to its database of spyware.

Until Feb. 5, WhenU was included in the LavaSoft database of spyware. The package was de-listed, and LavaSoft didn't notify its users, nor was the removal discovered until Feb. 13, three days ago, Howes said.

LavaSoft did not respond to a request for an interview. The company is notoriously closed-mouthed with outsiders.

Lavasoft said in a statement on its Web site: "Lavasoft does not cooperate with WhenU!"

The full statement explains:

As a result of recent rumours and speculation by members of the privacy community and the public at large, Lavasoft wants to make clear that it has not and would not collaborate with any companies that have produced content detected by Ad-Aware. Ad-Aware products are designed purely for scanning and removing of suspicious content (at the user's discretion) and Lavasoft would not ally with adversaries under any circumstances.

WhenU was indeed removed from the database by research in the last definition file. This however was due to WhenU not scoring more than 2 TAC points at the time, 3 points being the minimum score to be included in the database. More information on the Threat Assessment Chart can be found at

The TAC report will be reviewed in more detail by our R&D department and in case it turns out that the removal was incorrect, WhenU will naturally be reintroduced to the database.

WhenU Defends Itself
WhenU, meanwhile, said it's not spyware. It's an ethical producer of adware, said company president and founder Avi Naider. When the company is accused of being a spyware producer, it always challenges the accuser to come up with set of criteria by which spyware should be judged. Presented with those criteria, WhenU always passes, Naider said.

The company has the seal of approval from TRUSTe, an organization that validates privacy protections on web sites.

WhenU makes adware that's bundled with other applications, the most popular being BearShare, a peer-to-peer filesharing application. Howes said the software is harmful because users often don't know they have it, the users don't want it, and they don't remember how they got it.

WhenU's software provides "contextual advertising." It monitors which sites a user visits, and then displays pop-up ads based on the nature of a site being visited, Howes said. A user visiting a merchant site might get a pop-up ad for a competing product.

"WhenU has been in the news for the past year or so because it has been among the most prominent adware companies attempting to clean up its public image," Howes. Other companies that are fighting the spyware stigma include Claria and 180Solutions.

Howes said he believes that WhenU was removed from the LavaSoft spyware list because WhenU has changed its business practices, adding a new installation screen in BearShare. "I think there's a significant improvement in the notice and disclosure screen," he said.

However, the new installation screens in BearShare don't affect people who already installed BearShare, or people who've installed WhenU software with other applications.

"Although I consider these improvements to be significant, I'm not ready to sound the all-clear signal because we still have to see how the improvements play out in the real world with actual users," Howes said, adding that he wants to see whether users of the new version of the software prove to be aware of what the software does and how they got it.

Testing WhenU
Security Pipeline ran the BearShare installation program; one of the first setup screens says:

BearShare comes with ads - Please read this carefully
Here's the deal: To use BearShare for free, you must keep Save! software on your PC. Save! shows you ads and coupons while you browse the web. Save! ads are targeted based on the websites you visit and web content you view.

The screen doesn't say that the ads are popups, but it does say:

Save! ad, which slide up in front of or behind your browser, are always branded Save! and tell you they are coming from software - not websites.

The next screen is the End-User License Agreement (EULA), which is the usual dense thicket of legalese and fine print; however, in the very first page it does say, "Offers and information are displayed in the form of interstitials ("pop-up ads") and various other ad formats."

SpyBot Search & Destroy tags WhenU SaveNow as a potential problem on a system.

We haven't yet tried un-installing BearShare to see if the WhenU software is also gracefully removed. (One of the chief characteristics distinguishing spyware from legitimate software is that spyware often resists being uninstalled.) Watch this page for updates; we'll let you know if we have any problems uninstalling the software.

Editor's Choice
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing
John Edwards, Technology Journalist & Author
Shane Snider, Senior Writer, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
John Edwards, Technology Journalist & Author