Dear Microsoft: Why should we trust you to detect spyware?

Yesterday, in an update to my post about the ongoing Microsoft/Claria rumors, I wrote:

The real story is that Microsoft has decided that high-profile adware makers who achieve a minimum threshold of disclosure (including Claria and WhenU) will be able to get an “Ignore” rating.

Microsoft earned a tremendous amount of goodwill earlier this year when it released a beta version of Windows AntiSpyware. That goodwill is vanishing at an alarming rate thanks to the rumors that Microsoft plans to buy Claria, a company that made its fortune as a leading distributor of spyware and adware. To compound the problem, Microsoft apparently relaxed its standards for certain high-profile adware companies, Claria included, earlier this year. This post details how much damage Microsoft is doing to itself and offers two admittedly controversial recommendations for how they can recover.

There’s no doubt that Microsoft has lightened up on some big names in the spyware/adware business. You can see some examples at the Sunbelt Blog, which is run by a company that sells a version of the GIANT AntiSpyware software that Microsoft purchased late last year and has repackaged as Windows AntiSpyware. Sunbelt’s Alex Eckelberry reports, accurately:

[W]e have reports now that there are a number of other items that have been downgraded to “Ignore” status, including certain WhenU adware programs, WebHancer and Ezula Toptext. So the Claria downgrade is quite likely part of a bigger picture regarding Microsoft’s listing criteria for adware.

Here’s the result of a scan I did just a few minutes ago on a system that has Claria’s GAIN adware components installed.

[Screenshot: Claria_scan (Windows AntiSpyware scan result for a system with Claria's GAIN components installed)]

The software used to recommend removal. Now it says “Ignore.” Why was this change made? In a “Dear Customer” letter at Microsoft’s Security site, the Windows AntiSpyware team tries to explain and fails miserably:

As you may know, the analysis of software is based on a single set of objective criteria, which can be found on our web site: Windows AntiSpyware (Beta): Analysis approach and categories.

Microsoft offers all software companies the opportunity to request a review of how Microsoft classifies their products through our vendor dispute process. In January, Claria filed a request for Microsoft to reevaluate some of its products. Upon review of their software against our criteria, we determined that continued detection of Claria’s products was indeed appropriate. We also decided that adjustments should be made to the classification of Claria software in order to be fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors. At the end of March, we communicated to Claria the result of our analysis through our standard process.

We take software analysis for Windows AntiSpyware (Beta) very seriously and handle all vendor requests in the same manner. All software is reviewed under the same objective criteria, detection policies, and analysis process. Absolutely no exceptions were made for Claria. Windows AntiSpyware (Beta) continues to notify our users when Claria software is found on a computer, and it offers our users the option to remove the software if they desire.

That sounds good, but it doesn’t pass the smell test. Why not publish Claria’s request and Microsoft’s response so that customers can understand what changes were made and why? And why claim that there is a strict set of rules, when there’s no such thing? If you follow the link that Microsoft provides, you get to a well-written white paper that in fact does not include a “single set of objective criteria.” Here’s the relevant portion of the white paper. I’ve highlighted (in red) the parts that directly fly in the face of Microsoft’s claim to be applying objective criteria:

Microsoft researchers use the criteria categories described in this white paper to determine whether a program should be added to the definition library for detection, and what classification (type, risk level, and recommendation) would be appropriate.

[…]

The criteria categories include, but are not limited or restricted to:

  • Deceptive behaviors: Includes problems with:
    • Notice and consent about what is running on the user’s machine;
    • Control over the actions taken by the program while it is running on the machine; and
    • Installation and removal of the program from the machine at the user’s discretion.
  • Privacy: Issues in collecting, using, and communicating the user’s personal information and behaviors without explicit consent.
  • Security: Negative impact on the security of the user’s computer or attempts to circumvent or disable security, including but not limited to evidence of malicious behaviors.
  • Performance Impact: General impact on performance, reliability, and quality of the user’s computing experience (e.g., slow computer performance, reduced productivity, corruption of the operating system, or other issues).
  • Industry and Consumer Opinion: The software industry and individual users play a key role in helping to identify new behaviors and programs that could present risks to the user’s computing experience.

The context, intent, and source of the program are taken into consideration in determining whether certain criteria categories apply. For example, antivirus or firewall software that automatically starts (autostarts) without user input can be useful for helping to detect and block malware. In other cases, system services (such as print spoolers) may run in the background with limited or no user interface but have widely-accepted, legitimate purposes. Many legitimate programs could be flagged if criteria categories were applied without considering the context, intent, and source of the software.

Note that Microsoft reviews the behaviors of programs installed not only by the software vendor but also by its third-party affiliates to determine whether the software vendor and/or its affiliates should be included in the definition library.

Because new forms of software and their related behaviors evolve rapidly, Microsoft and other anti-spyware vendors need to be able to respond quickly and adjust classification criteria appropriately. Therefore, Microsoft reserves the right to adjust, expand, and evolve its criteria for analysis without prior notice or announcements as these new threats materialize.

In other words, someone (or a group of someones) at Microsoft decides, on a case-by-case basis, whether a particular piece of software should be included on the detection list, how it should be classified, and what action should be recommended to the user when the result is displayed after a scan. That’s reasonable. But it’s not what Microsoft is telling us, its customers.

If you follow the Microsoft links, all you know is that Claria complained, Microsoft reviewed its classification, and a change appeared in the list. Microsoft knows why. Claria knows why. Microsoft customers know nothing. Was the original classification wrong? Did Claria change its behavior in some significant way that caused Microsoft to re-evaluate its classification? Was there another reason for the change? Ben Edelman has an excellent summary of how badly Microsoft is screwing up:

Has Microsoft given in to vendors’ threats? Or forgotten how badly “adware” damages the Windows experience (ultimately encouraging users to switch to other platforms)? I’ve previously been impressed with Microsoft’s AntiSpyware offering; I’ve often used it and often recommended it to others. But screw-ups like this call Microsoft’s judgment into question. During this sensitive period, with Microsoft unwilling to deny the continued Claria acquisition rumors, Microsoft should be especially careful to put users’ interests first. Instead, Microsoft’s recommendations cater to the interests of the advertising industry. I’m not impressed.

Microsoft isn’t providing any details about the reasons for its decisions. And that’s the problem: No transparency. Microsoft doesn’t give customers any reason for them to trust Windows AntiSpyware to classify potentially unwanted software accurately and recommend actions that are in its customers’ best interests.

Scoble says Microsoft’s AntiSpyware team should start blogging. Perhaps. But if all they’re going to do is provide random explanations and swat at critics, that won’t do much good. A product like this requires formal communication with customers, first and foremost. I have two recommendations that Microsoft could adopt that would go a long way toward establishing an objective basis for that trust:

  • Publish the Windows AntiSpyware database. Put it on the Web. Make it searchable. Provide a description of why each product is listed, how it’s classified, and what the recommended action is. Include a change log to document when classifications and recommendations change and why. Make the review process public. Ben Edelman has made this suggestion before, and I agree with it.
  • Release control of the detection database to a truly neutral third party. If Microsoft controls the contents of the database, it will never be able to overcome the perception that it is basing its decisions on criteria related to profit and not on user needs. Create a nonprofit organization with an independent board of directors and well-qualified management, give it a charter, fund it through an endowment, and agree to indemnify it for any legal costs related to complaints over classification. Let that group build a spyware classification system using published criteria and feedback from customers. Publish the database under a Creative Commons license. If the organization providing this database has no commercial interest to provide a potential conflict of interest, the Clarias of the world would have quite a burden to overcome before they could establish that they’re being unfairly targeted.
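The first recommendation above is essentially a request for an auditable classification record: each listing carries its category, its recommended action and the reason, and every later change is logged. The following is an added example (not code from the original post or from Microsoft) of what such a published, tamper-evident database could look like: an append-only log in which each entry commits to the hash of the previous one, a change is refused unless a reason is stated, and anyone holding a copy can verify that no entry was silently rewritten. The product name, dates, reviewer names and reasons in the sample are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone


class ClassificationDB:
    """Append-only software classification database with a hash-chained change log.

    Every decision (category, recommended action, stated reason, reviewer) is an
    entry that includes the SHA-256 hash of the previous entry, so a published
    copy can be checked for silent edits or deleted history.
    """

    GENESIS = "0" * 64  # "previous hash" of the first entry

    def __init__(self):
        self._log = []  # entries, oldest first

    @staticmethod
    def _entry_hash(entry):
        # Canonical JSON so the hash does not depend on key order.
        data = json.dumps(entry, sort_keys=True).encode()
        return hashlib.sha256(data).hexdigest()

    def record(self, product, category, recommendation, reason, reviewer, when=None):
        """Append a classification decision; a change without a reason is rejected."""
        if not reason or not reason.strip():
            raise ValueError("every classification decision needs a stated reason")
        prev = self._log[-1]["hash"] if self._log else self.GENESIS
        entry = {
            "product": product,
            "category": category,
            "recommendation": recommendation,
            "reason": reason,
            "reviewer": reviewer,
            "when": (when or datetime.now(timezone.utc)).isoformat(),
            "prev": prev,
        }
        entry["hash"] = self._entry_hash(entry)  # hash covers every field above
        self._log.append(entry)
        return entry["hash"]

    def verify(self):
        """Recompute the chain; False if any entry was altered, inserted or removed."""
        prev = self.GENESIS
        for e in self._log:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or self._entry_hash(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def current(self, product):
        """Latest (category, recommendation) for a product, or None if unlisted."""
        for e in reversed(self._log):
            if e["product"] == product:
                return e["category"], e["recommendation"]
        return None

    def history(self, product):
        """Full change log for one product: (when, recommendation, reason) tuples."""
        return [(e["when"], e["recommendation"], e["reason"])
                for e in self._log if e["product"] == product]


def build_sample_db():
    """Constructed sample: a listing whose recommendation moves from Remove to Ignore
    after a vendor dispute review. Names, dates and reasons are illustrative only."""
    db = ClassificationDB()
    db.record("example-adware", "Adware", "Remove",
              "Installs via bundled third-party affiliates without clear notice",
              "reviewer-a", when=datetime(2005, 1, 10, tzinfo=timezone.utc))
    db.record("example-adware", "Adware", "Ignore",
              "Vendor dispute review: disclosure now meets minimum notice criteria",
              "reviewer-b", when=datetime(2005, 3, 31, tzinfo=timezone.utc))
    return db


if __name__ == "__main__":
    db = build_sample_db()
    print(db.current("example-adware"))
    for when, rec, why in db.history("example-adware"):
        print(when, rec, why)
    print("chain intact:", db.verify())
```

The point of the chain is not cryptographic strength against the publisher (who holds the log) but that a published snapshot lets customers and third parties compare copies and see exactly when a recommendation changed and what reason was given, which is the transparency the post is asking for.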

How about it, Microsoft?

25 thoughts on “Dear Microsoft: Why should we trust you to detect spyware?”

  1. Ed:

    In light of all this, would you recommend the Microsoft Antispyware program? Or should users who want to run such a program switch to a third-party vendor? Better yet, should users try avoiding these programs altogether? I no longer use them, and I have never had an adware or spyware program. I think the best approach is prevention and avoidance, not detection and cure after the fact.

  2. The Windows AntiSpyware program still detects unwanted software just fine, so I have no problem recommending it to people who know what they’re doing. (In fact, it will detect an attempt to install Claria’s software and offer to block it for you, which is great and is the best part of the program.)

    I would never blindly trust a third-party program to remove or ignore stuff. I advise making your own decisions on what actions to take.

  3. I tested MS AntiSpyware on my machine by installing the only piece of intrusive adware I’ve ever been infected with and then running MS AntiSpyware to have it clean up the various toolbars, etc that were installed. MS AntiSpyware cleaned a small portion of the adware-installed programs but left the majorly intrusive ones (2 toolbars and a pop-up window).
    To make matters worse, it broke the adware program’s uninstall function so then there was no way for me to remove those remaining programs without re-installing the spyware and uninstalling via add/remove programs. I am a ‘power user’ and I knew where the adware came from so I was able to do this. I think a normal user would not and would end up stuck with those toolbars, a worse position than they would have been in without MS AntiSpyware.
    Full post w/screenshots here.

  4. If Microsoft followed your suggestions on publishing the database and releasing control of the detection database, it would knock the wind out of a lot of the “I hate Microsoft” folks on this issue. Nice dare, Ed.

  5. I do NOT recommend the MS product.

    I DO recommend the classics: Ad-Aware, Spybot,
    KazaaBegone, HijaakThis.

    Gator/Claria has money, and ex-FTC lawyer
    as their privacy frontman, but they’re still
    scum. Microsoft caving to scum is pathetic.

    — stan

  6. What difference does it make if they get an IGNORE or QUARANTINE rating? Ad-aware, by default, sets everything to UNCHECKED in its config.

  7. When everything is set to Ignore, the user gets to make up his/her own mind. Ad-Aware does include a “remove everything” button, right?

    The problem with the Microsoft solution is that an untechnical user will see the recommendation and say, well, if Microsoft says this is OK, it must be OK. I better not remove it. And they will continue to get pop-ups and have their browsing history reported to Claria.

    If you want to make no recommendations, as Lavasoft does, great. But when Microsoft starts saying, “This adware is OK and this one is not,” they have an obligation to be transparent about why they make those recommendations.

  8. Because of this change, I no longer recommend Microsoft AntiSpyware to my clients.

    A pity – it was a good product but a spyware scanner that can’t be trusted is worse than none.

  9. As usual, Microsoft is involved in a conflict of interest. Windows users classify spyware as unwanted, plain and simple. Microsoft classifies spyware based on how well the spyware publishers tell the user what their software will do. When you add that Microsoft plans to get into the spyware business themselves (by purchasing Claria or some other spyware program), their credibility will disappear entirely. Who in their right mind would trust Microsoft to classify their own program as spyware? It’s obvious to me that it won’t happen. Bottom line, Microsoft is changing their current definition of spyware so that their eventual purchase will fall off the spyware list (because buried in the EULA Microsoft will tell you that they will be collecting the information and sharing it, etc.) Whether or not Microsoft changes their definition, however, the definition I use will not change. I will continue to use software that properly identifies spyware from someone who has no vested interest in the collection of my personal data.

    As an aside, if data collection vendors would limit themselves to non-personally identifiable data, I would be happy to allow them to collect my surfing habits. I have no problem with them using me to collect the fact (for example) that an anonymous user shops for a particular Jazz CD online. But as long as any one of them insist on collecting that Dave May shops for a particular Jazz CD then I will not allow any of them to collect ANY data at all. So live with it or change your ways.

  10. I find it funny that people say that instead of MS AS they are going to recommend other anti-spyware that has also capitulated to spyware threats (as outlined by the link in the article). For example, Ad-Aware has removed New.net from its list.

    It seems that the spyware companies are suing the anti-spyware vendors, and they’re often capitulating to their demands. You can’t trust any of them.

  11. A clueless user infested with crap-ware runs MSAS:
    “Microsoft says I should IGNORE GATOR/GAIN/Claria. If Microsoft says it is safe to ignore then OK – Ignore it is” The cycle of junk-ware and spy-ware continues on the poor sap’s computer… not very “trustworthy” if you ask me?

  12. It’s a legal issue that’s forcing Microsoft to remove Claria et al. It’s well known that the user “accents” to a “license agreement” from Claria during the drive-by (er.. download). If they (Microsoft) remove it, they are violating the agreement between the user and Claria. That would allow Claria to sue Microsoft (probably for millions of dollars).

    Symantec does the same thing with its SAV 10. At least they (Symantec) explain why they do it, and give you an option to “globally” turn it on at your request.

    Microsoft ought to come clean and add a global option to allow you to do this and clearly explain why they have to keep it set to “ignore”.

  13. I actually think MS has bigger fish to fry. Couple this with MS’s announcement that they are going to charge for both this and their AV flavor at some point down the road and we have some massive conflicts of interest.

    IMHO, if MS can prevent my computer from getting viruses and spyware that slip in because of their programming errors, then they have no right to charge me to stay protected, and are in my mind, liable for any damages caused by something that slipped in because of their negligent programming (not just to the extent of the cost of Windows/Office/Whatever, but for additional damages). EULA be damned! You want trustworthy computing – earn it, don’t sell it.

    Security out of the box and in perpetuity, to the best of your ability, which includes any software in your umbrella, such as Anti-spyware and Anti-virus.

    Re: the smaller issue of Claria. I want to set remove all, all the time on my client systems and not have MS or anyone else monkey with it. I don’t want the clients I manage to ever have their bandwidth sucked by any of these apps. If it looks like adware or spyware, nuke it! I don’t care if it’s claria or MSN’s Asian site, I don’t want it sucking my bandwidth, processing, memory, dialing porn, etc.

    If MS gets admin privileges fixed appropriately for Longhorn this might not be as much of a problem, but RIGHT NOW it is a problem.

  14. “I actually think MS has bigger fish to fry. Couple this with MS’s announcement that they are going to charge for both this and their AV flavor at some point down the road and we have some massive conflicts of interest. ”

    I was unaware that Microsoft had made such an announcement. Could you point me to it?

  15. Another interesting application genre to investigate further is the “Remote Control” group. i.e. TightVNC and friends. I have to re-convince the AntiSpyware regularly that I trust TightVNC and it should just leave it the heck alone. Surely TightVNC offers a whole bunch more useful functionality than Claria, WhenU, etc…

  16. (Brandon) I was unaware that Microsoft had made such an announcement. Could you point me to it?

    To be honest, they haven’t officially made an announcement they will be charging for Microsoft Windows AV, even though the Beta is free.

    And it would be a cliche to say they are a bunch of money-hungry thugs who won’t give anything away they can charge a fee for.

    That said – if it is intended to be a free software package, do you have any doubts they would have announced it by now?

    The beta does have a “suicide gene”: December 31. So free or commercial, they don’t want anyone sitting on the beta forever.

    My prediction is thus:

    They will charge for Microsoft Windows AV. There will be a Home Edition – likely to be what they call a “nominal fee” (price, cost, etc.) that will be $29.99, $39.99 or $49.99, but likely no more than that. A Professional Edition, probably $79.99 – $99.99 (it’s tempting to throw $99 – $129.99 onto the table). The question is, what will the difference be WRT the feature set of the two? I’m certain someone reading this will have an immediate response – after they have scoffed at my prediction. Perhaps the Home Edition will work only – as in monitoring or plugging into Outlook + Outlook Express, but nothing else. Professional would likely handle both levels of Outlook plus browser-based email – Hotmail, Gmail, Yahoo! mail, etc. Plus, perhaps NNTP? (usenet for those who don’t know what that protocol is).

    And finally, there will be the inevitable Corporate or Enterprise Edition, intended to reside on gateway servers (obviously, those exposed to the world, not the brand!), price depending upon the number of seats.

    You heard it here and I’m sticking to my guns. Unless they prove me wrong.

    phil

  17. Earlier this year we asked Microsoft to take us off the list. Here is the response. At least at that time it seemed like vendors had no say at all about their placement on the lists.

    Thank you for your inquiry about Windows AntiSpyware (Beta).

    Please note that Microsoft does not accept submissions from vendors themselves for inclusion in the “Known” list. Programs are considered for addition to the “Known” list based on input from users through SpyNet. A high threshold of Windows AntiSpyware (Beta) users must have reported the program to Spynet, and a significant majority of those users must have elected to “Allow” the program to run on their computer. After these criteria have been met, Microsoft’s research team then reviews this list of candidates to confirm that these programs are not known to have issues with potentially unwanted behavior and are not currently under investigation.

    Programs listed as “Known” are commonly used and allowed by Spynet participants, and do not appear to have issues with potentially unwanted behavior. Programs raised as “Unknown” to the user are less commonly used and/or allowed among SpyNet participants. Note that programs marked “Unknown” are not necessarily spyware or other forms of potentially unwanted software. These programs are raised to the user’s attention so that they can make an informed decision about what runs on their computer.

    There is more information about real-time protection in our FAQ, available at: http://www.microsoft.com/athome/security/spyware/software/faq.mspx. If your inquiry is about a vendor dispute or false positive, please fill out the appropriate form at http://www.spynet.com.

    Please let us know if you have any questions. Thank you for your interest in Windows AntiSpyware (Beta).

    Sincerely,

    Microsoft Windows AntiSpyware (Beta) Team
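The letter quoted in the comment above describes a two-stage rule for the “Known” list: a program must first be reported by a high number of SpyNet participants, a significant majority of whom chose “Allow”, and only then does the research team confirm it has no known unwanted behaviour and is not under investigation. The following is an added example (not code from the original post or from Microsoft) that models that rule so the edge cases are visible: a program that is widely reported but not mostly allowed, one that passes the crowd stage but is under investigation, and one with too few reports to say anything. The numeric thresholds, program names and report counts are all constructed assumptions; the letter gives no figures.

```python
from dataclasses import dataclass

# Constructed thresholds (assumptions). The letter says only "a high threshold"
# of reports and "a significant majority" of Allow decisions.
MIN_REPORTS = 1000
MIN_ALLOW_FRACTION = 0.8


@dataclass
class ProgramReports:
    name: str
    reports: int                      # SpyNet participants who reported the program
    allowed: int                      # of those, how many chose "Allow"
    known_issues: bool = False        # research team: known potentially unwanted behaviour
    under_investigation: bool = False # research team: currently being investigated


def spynet_status(p: ProgramReports) -> str:
    """Return 'Known' or 'Unknown' following the two-stage process in the letter.

    Stage 1 is purely crowd-driven (report volume, then Allow majority).
    Stage 2 is the research-team review, which can only block, never promote.
    """
    if p.allowed < 0 or p.allowed > p.reports:
        raise ValueError(f"{p.name}: allowed count must be between 0 and reports")
    if p.reports < MIN_REPORTS:
        return "Unknown"            # too little data; raised to the user's attention
    if p.allowed / p.reports < MIN_ALLOW_FRACTION:
        return "Unknown"            # widely reported, but users did not mostly allow it
    if p.known_issues or p.under_investigation:
        return "Unknown"            # crowd would allow it, but review holds it back
    return "Known"


# Constructed sample covering each branch of the rule.
SAMPLE = [
    ProgramReports("sample-remote-admin-tool", reports=5000, allowed=4600),
    ProgramReports("sample-toolbar", reports=5000, allowed=2000),
    ProgramReports("sample-updater", reports=5000, allowed=4900, under_investigation=True),
    ProgramReports("sample-niche-utility", reports=40, allowed=40),
    ProgramReports("sample-bundled-adware", reports=9000, allowed=8000, known_issues=True),
]


def classify_all(programs=SAMPLE) -> dict:
    """Map each program name to its Known/Unknown status."""
    return {p.name: spynet_status(p) for p in programs}


if __name__ == "__main__":
    for name, status in classify_all().items():
        print(f"{name:28} {status}")
```

Note what the crowd stage does and does not measure: it counts Allow decisions, not the reliability of the people making them, and the letter itself says “Unknown” does not mean unwanted. That is why the review stage exists, and why a vendor writing in to ask for “Known” status gets the answer quoted above: the list is driven by user telemetry plus review, not by submissions.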

  18. No, I don’t see any contradiction between this post and the July 8 post. In fact, Boing Boing’s post was just flat-out wrong (and still is largely incorrect, even after its “correction”). There is nothing to support the suspicion that there was a quid pro quo for the change in classification for Claria. But Microsoft’s lack of transparency means that it is impossible to divine the real reasons for their actions, and the reality is that they will always be under a cloud of suspicion even if (if!) their motives are pure and their actions purely rational. That’s why publishing the database and turning it over to a neutral third party is the best for all parties.

  19. Publishing their inclusion processes online is not a bad idea at all, but I see no need for them to release control of their database to some independent watchdog. They are the most prolific software company in the world, and all the anti-business rhetoric aside, they are doing something right to gross $40 billion in annual sales and create software that the majority of the free world’s computer users voluntarily use day to day. They are not incompetent because a couple of adware vendors are detected but not flagged to your liking.

  20. You want to design and make an antispyware program, Microsoft? Then make one that those companies cannot place trash on our computers without our knowledge and consent, regardless who they are or for what purpose. This is my computer. Only I have the right to let things (adware-spyware) enter or run on it. Like tracing my surfing! None of their business, nor yours, etc, etc. Gain and many others violate my (our) rights. They place trash on our computers, and it takes hours for us to delete the bull crap!!!! Make a program, antispyware, that keeps those boggers out!

  21. Never trust Microsoft. They lied, lie, and will lie again. Its so-called antispy is in itself spyware.

    Get away from MS !

  22. We all know many inexperienced Windows end users just keep whatever is installed on their PC with Windows, and never bother to go looking for a better browser, for instance. Some even think changing their start page is too complicated…..

    Many new users are scared to death to even look in the program files folder, or the registry, let alone uninstall/install a new program for themselves. So if MS says it is protecting their PC against spyware, adware, etc., they will blindly believe it. Then heave a sigh of relief and ignore all warnings they read on the net about spyware, etc. from then on, thinking they are 100% safe forever.

    Normally only something like those warnings can get them to even try installing a security program of some sort for themselves. This should not be news to anybody. In fact, it’s downright predictable………….

    So MS has (maybe?) decided to buy Claria. And they have decided to go into the anti-spyware biz, as well……..So the obvious question is, which decision came first, the one to buy Claria (or any spyware company, for that matter), or to make an anti-spyware program that millions of inexperienced Windows users will blindly trust?

    I can’t help but think that even the most inexperienced users are becoming aware that something called spyware actually exists, and may somehow get on their PC without their being aware of it. There are a lot of good anti-spyware programs out there, as well as places to get free online scans for it. So I think it is getting a bit more difficult for spyware companies to put their junk on as many PCs as they would like to. The only way to get spyware on more PCs would be if the anti-spyware software ignored their junk for some reason……..

    If a spyware company tried to buy anti-spyware software, distribute it, and claimed it would still be objective and honest towards their spyware, nobody would believe them.

    In spite of all the vulnerabilities in IE, the vast majority of surfers on the net are still using it as their primary (or only!) browser. So a huge number of people would use MS AS as their only defense against spyware no matter how many spyware companies MS buys……Sad but true….And very predictable to MS before they decided to go into the AS biz or buy anything like Claria…..Coincidence?

    Oh well….At least protect yourself, grab Mozilla Firefox, and you can never have too many anti-spyware/adware/hijacker/rootkit/etc. programs, use ’em all.
