Security Software

Spyware needs federal regulation

I personally find this trend disturbing.

Claria and WhenU are making the case that their adware programs don’t resort to illegal tactics, such as exploiting security holes, to install themselves. And though this software can be annoying, adware developers argue that merely being listed in an anti-spyware scanner’s database tarnishes a company’s reputation by linking its relatively benign adware application with far more harmful and intrusive spyware programs.

Well, let’s actually think about this for a second, shall we? “Don’t resort to illegal tactics, such as exploiting security holes”: well, if they did, they would be more of a virus or a worm. So they aren’t a virus or worm. That doesn’t eliminate them as spyware.

Since when is it OK to use legal force to remove yourself from another company’s list of bad products? Are software companies now going to use the courts to force the media to only give positive reviews? Will organizations like PCWorld and CNet be served cease-and-desist letters for giving a product a bad review? Could that move beyond software? What about Consumer Reports? Could they be subject to cease-and-desist letters as well? How about consumer agencies like the FDA? If the FDA refuses to approve a new drug, can a drug company use a cease-and-desist letter?

Since when has freedom of speech become so eroded that a company can’t keep a list of software products customers don’t want on their computers, and allow customers who agree with that company to download the list? Where are the consumer rights activists on this one? How the heck did it get this far?

It’s time for the politicians, the FTC (all they have done is this rather crummy handout), and the activists to start attacking this mega crisis before it gets even more out of hand.

I propose that we need a federal law here in the US that goes something like the following:

All software applications, upon installation or first run (should there be no installer), must prompt and inform the user of any third-party products, or products that aren’t clearly mentioned in the product name. For each product the prompt must display the a) product name, b) manufacturer, c) link to view privacy policy, d) link to view website if applicable, e) link to view terms of service if applicable. The product’s name must be followed by “[required]” if the software can’t be installed and/or used without the product, and by “[default]” if it is installed by default. In addition, in no more than 100 words, there must be a description of the product, in language that is understandable to the user, of what it does and why it’s included.

Example of a notice

A link to a privacy policy should open to an iconified, human-readable privacy policy (similar to that by the Creative Commons for licensing). This document must truthfully depict how a software product will operate, including but not limited to:

  • changing a user’s homepage, adding/removing bookmarks, adding icons/menus to the user’s computer.
  • sending information (phoning home), clearly stating what it sends and how it is used.
  • creating a gateway for other products to be installed.
  • serving advertisements – must depict how (popup ads, banners, embedding into webpages viewed).

In addition, it should contain information on how the product can be completely removed from the computer. If any connection is made to the company or any third party without the user’s explicit consent (such as clicking a button each and every time to send information), a street address and phone number of the party receiving information should be included.

We need a real law.

IMHO it’s time to mobilize and make some noise. If you’ve got a blog, start posting, and let’s make it clear that these tactics shouldn’t be tolerated. Consumers not only have a right to control what goes on their computer.
