StopBadware.org names first hall of shame inductees

The StopBadware.org group, which was launched in January with the goal of becoming an online “hall of shame” for spyware and questionable adware, Wednesday begins naming software applications it recommends users think twice about before installing.

The StopBadware.org group, which was launched in January with the goal of becoming an online “hall of shame” for spyware and questionable adware, Wednesday begins naming software applications it recommends users think twice about before installing.

The four ‘badware’ programs to start off the list are: the Kazaa peer-to-peer file-sharing agent produced by Sharman Networks; the MediaPipe download manager from Net Publican; SpyAxe, advertised as a software-removal tool from a hard-to-locate developer claiming to be in Cyprus; and Waterfalls 3, a screen-saver produced by Freeze.com.

StopBadware.org is a coalition formed by Harvard University and Oxford University in collaboration with Consumer Reports. Its stated goal is to have technical and legal researchers from Harvard’s Berkman Center for Internet and Society work with Oxford’s Internet Institute to identify downloadable software that consumers might prefer to avoid as ‘badware.’

The founders of the group – which launched as “The Stop Badware Coalition” but now goes by their Web site moniker – argue that spyware and questionable adware constitute a growing menace contributing to a sense of unease and danger about using the Internet.

“This is a neighborhood watch for spyware,” said John Palfrey, co-director of the group, and a professor of Internet law at Harvard, in introducing StopBadware.org’s first four ‘badware’ selections. “We’re focusing on deceptive behaviors or improper disclosure about things the application actually does.”

To select possible candidates for the ‘badware’ list, the researchers reviewed online forms submitted from about 1,000 individuals to the StopBadware.org Web site after the group was formed.

Researchers in the university computer labs then examined samples of various programs available for download, with a legal team evaluating each software’s “end-user licensing agreement” (EULA) that users are asked to agree to follow, typically by a click of the mouse.

The reviewers, assisted by a panel of advisors, have identified seven categories of behaviors deemed to be ‘unwanted’ in downloaded software.

These are: deceptive installations; unclear identification; causing harm to other computers; modifying other software; transmitting user data; interfering with computer use, and being difficult to uninstall completely.

The four programs – Kazaa, MediaPipe, SpyAxe, and Waterfalls 3 – were found guilty of these behaviors in one form or another, as detailed in the “Badware reports.”

The report’s rating system grants a red indicator to behaviors not disclosed or ones that cause “irreversible harm,” a yellow indicator to behaviors sufficiently disclosed but “potentially objectionable,” and a green check if the bad behavior isn’t found in the application.

Jonathan Zittrain, co-director of StopBadware.org and professor of Internet governance and regulation at Oxford University, said the coalition is paying close attention to how the software EULA’s are written.

He said one disturbing thing he’s noticed about many EULAs he reviewed is that they can include the legal statement that the software, when supplied with upgrades, may be completely different from what was first given to the user.

Palfrey said StopBadware.org had sought to contact the makers of the four software programs it names as badware in its first report but had not received any feedback. He added that the coalition is saving a spot online for the producers of the software to comment about the findings of the report.

“We have no intention of blindsiding anyone or hurting anyone’s business,” said Palfrey, adding the coalition wanted to see improvements in software.

The group continues to examine many more downloadable software applications and plans to soon release a much more lengthy report listing yet more badware.

“We have a whole bunch more lined up behind this one,” Palfrey said. StopBadware.org also plans to publish a variety of academic studies on the problem of badware.