Posts tagged as:

Edelman

Zango now

by certifiedbug on May 2, 2008

in Security

Zango is in the news again.
The Register: Zango’s adware fox desperate to guard net henhouse

Last month, it asked the Ninth US Circuit Court of Appeals to reconsider a decision by a lower-court judge that held Kaspersky was immune from such lawsuits.

Sunbelt Blog:
Zango partnerships
Zango reacts to Sunbelt blog posts

PCMag: Must You Install Zango?

Ben Edelman commented at PCmag and Sunbelt:

Why do people continue to distrust Zango? Because Zango’s continued actions deserve distrust. Four specific examples:

1) Zango continues to run “fake user interface” ads that are disguised to look like Windows message boxes. Example. These ads continue to this day.

2) Zango continues to install its software without unavoidable, prominent disclosure of material terms. Example. Zango’s settlement with the FTC requires improved disclosure. To my surprise, Zango claims the FTC settlement doesn’t require such disclosure for “heritage Hotbar products”. But the FTC settlement’s plain language specifically applies to “any software program” Zango installs or downloads — offering no “Hotbar exception.” Quotes, citations, and further analysis.

3) Zango continues to defraud online advertisers, including by showing pop-ups that claim affiliate commissions Zango did nothing to earn. Last spring I wrote up a few examples. It’s easy to find many more. Indeed, my Automated Spyware Tester catches dozens of such examples per month.

4) Zango touts its video offerings, which include widespread videos infringing on copyrights held by others. Zango has no proper basis to hold these videos in its library, or to use them as bait to attract users to install Zango’s software.

This is all in the present, not the past. And these scams — fake user interfaces, ineffective installation disclosures that fall short of settlement obligations, defrauding advertisers, and infringing others’ copyrights — are good reasons for users to “distrust” Zango (or worse!)

Certifiedbug: Zango tags.

The beat goes on…

C-NetMedia continues deceptive practices

by certifiedbug on February 19, 2008

in Security

Alex Eckelberry reports that despite press on the matter, C-NetMedia is still trying to fool people.

I’m afraid it’s going to take the FTC to handle this one. Apparently the search engines aren’t self-policing on this one.

Article and screenshots: Incredible — C-NetMedia still continues its grossly deceptive practices

{ 0 comments }

Additional comment on Certifiedbug’s “C-NetMedia’s Deceptive Practices”.

In his missive at C-NetMedia, Edelman criticized several prominent companies for failing to hold C-NetMedia accountable for its practices.

  • Google and other search engines could block the widespread deceptive ads from C-NetMedia and its marketing partners. C-Net and its partners have continued these practices for more than a year. Google claims to be tough on malware, and Google does exclude some harmful organic search results. But Google has been ineffective in removing the false and deceptive ads shown above, among many others, despite ample complaints from users and security researchers.
  • McAfee could remove its Hacker Safe certification from C-NetMedia sites. At present, the McAfee logo gives users the false impression that McAfee endorses C-Net and that McAfee vouches for the effectiveness of C-Net’s software. I gather neither is truly the case. Indeed, McAfee’s HackerSafe certifies some C-Net sites at the same time that McAfee’s SiteAdvisor rates those same sites as red. In my view, the SiteAdvisor rating better describes the view of security experts and better serves typical users. (Disclosure: I serve as a member of the Board of Advisors of McAfee SiteAdvisor.) (Update, February 14, 11:30am: McAfee has withdrawn HackerSafe certification of C-NetMedia sites.)
  • Microsoft could withdraw its Certified for Windows Vista certification on the basis of C-NetMedia’s violations of various ASC rules, as cited above. Anticipating this kind of harmful marketing practice, Microsoft’s certification rules provide ample basis for excluding C-Net on the basis of its deceptive advertising. Microsoft’s concern should be particularly acute because C-Net copied the layout and format of the Microsoft Antispyware site, because C-Net marketing partners trade on Microsoft’s brand name and product names, and because C-Net products worsen the experience of Windows users (i.e. by charging a fee for security software, when Microsoft provides similar software for free).
  • ClickBank could eject C-NetMedia from ClickBank’s affiliate network due to the pattern and practice of false and misleading ads placed by ClickBank affiliates in their promotion of C-Net offers. ClickBank’s Client Contract specifically prohibits fraudulent, deceptive, false or misleading information in advertising messages (clause 7.n.), and ClickBank reserves the right to immediately suspend violators (9.d.). But at present, C-NetMedia seems to remain a ClickBank client in good standing.

Source: Edelman

According to Information Week, a request for comment left with an assistant of Erik M. Pelton, the attorney of record for C-NetMedia’s trademark filings, went unanswered.
In addition, Information Week found no building resembling the company’s illustration of its headquarters visible on the Google Maps satellite photo of the posted address.


C-NetMedia Deceptive Practices

by certifiedbug on February 14, 2008

in Security

Spyware Researcher Ben Edelman continues his investigation on C-NetMedia.
Critiquing C-NetMedia’s Anti-Spyware Offerings and Advertising Practices

Not every “anti-spyware” program is what it claims to be. Some truly have users’ interests at heart — identifying and removing bona fide risks to privacy, security, stability, or performance. Others resort to a variety of tricks to confuse users about what they’re getting and why they purportedly need it.

This article reports the results of my examination of anti-spyware software from C-NetMedia. I show:

  • Deceptive advertising, deceptive product names, and deceptive web site designs falsely suggest affiliation with security industry leaders. Details.
  • The use of many disjoint product names prevents consumers from easily learning more about C-Net, its reputation, and its practices. Details.
  • High-pressure sales tactics, including false positives, overstate the urgency of paying for an upgraded version. Details.

Note that C-NetMedia is unrelated to the well-known technology news site CNET Networks. See further discussion below.

Deceptive advertising, deceptive product names, and deceptive web site design falsely suggest affiliation with security industry leaders.

Some C-NetMedia products are marketed using practices, keywords, labels, and layouts that falsely suggest they come from security industry leaders. This suggestion comes from both the actions of C-Net itself, as well as from the actions of C-Net’s marketing partners.

Consider the top three ads for a Google search for “Spybot”, a popular early anti-spyware program (full name “Spybot Search & Destroy”). As shown at right, the top three ads each specifically mention “Spybot” — the first two, in directory names; the third, in its domain name. Furthermore, all three ads also include the distinctive and original phrase “Search & Destroy” that specifically describes the genuine Spybot product. Yet in fact each of these three ads takes users to the unrelated site spywarebot.com (emphasis added) (screenshots: 1, 2, 3). Clicking the first ad immediately takes a user to spywarebot.com via the ClickBank advertising network. As to the second and third ads, traffic flows through independent “landing page” sites which in turn show ClickBank links to promote Spywarebot. These landing pages are hosted on the deceptively-named domains named spybot-sd-info.com and www-spybotcom.com — each further (but falsely) suggesting an affiliation with the genuine “spybot” product.

Ben’s Complete Article

Spybot Search and Destroy (Spybot-S&D) Official Home Page: http://www.safer-networking.org/en/home/index.html


Sears Violation of Its Privacy Policy

by certifiedbug on January 5, 2008

in Security

Bits from Bill: Your Sears Purchase Details Available to World

Ben Edelman update January 4, 2008.

Sears Exposes Customer Purchase History in Violation of Its Privacy Policy.

Sears’s Response

I wrote to Sears ManageMyHome via the addresses on their Contact Us page. To their credit, they responded quickly (less than ninety minutes). However, their reply does not address the seriousness of this situation. Their reply follows:

“We appreciate that you have a security concern. Thank you for taking the time to share your comments with us. We appreciate hearing feedback from our customers, and will pass this information to the appropriate area to research.”

Update (January 4, 5pm): Sears has disabled the search feature described above. Attempts to retrieve a purchase history now yield the message “We’re sorry, this feature is currently disabled.”

Let’s hope it stays that way, else all Sears customers join in filing a class action suit.

Sears installs ComScore tracking software

by certifiedbug on December 31, 2007

in Security

Ben Edelman, anti-spyware researcher and Harvard Business School Assistant Professor.

Late last month, Benjamin Googins (a senior researcher in the Anti-Spyware unit at Computer Associates) critiqued a ComScore installation performed by Sears’ “Sears Holdings Community” (“My SHC Community” or “SHC”). After reviewing the installation sequence, Ben concluded that the installation offered “very little mention of software or tracking” and otherwise fell short of CA and industry standards. I agree.

I write today to add my own critique. I begin by presenting the entire installation sequence in screenshots and video. I then explain why the limited notice provided falls far short of the standards the FTC has established. Finally, I show that Sears’ claims of adequate notice are demonstrably false.

Article and video: The Sears “Community” Installation of ComScore


Zango loses to Kaspersky

by certifiedbug on August 29, 2007

in Security

Zango’s court case against Kaspersky has been thrown out, because Kaspersky has immunity as a result of the Communications Decency Act.

The decision can be seen at Ben Edelman’s site. (PDF)

Ben has also updated his list of legal actions: Threats Against Spyware Detectors, Removers, and Critics

{ 0 comments }

Among the allegations:

  • Widespread Zango “ActiveX” Installations without Unavoidable, Prominent Disclosure of Material Terms (XP SP1 and Earlier). Details.
  • Widespread Zango Banner-Based Installations without Unavoidable, Prominent Disclosure of Material Terms (XP SP2). Details.
  • Ongoing Zango Installations with No Disclosure Whatsoever. Details.
  • Unlabeled Zango Ads - Toolbars, Desktop Icons, and Pop-Ups. Details.
  • Zango Ads for Bogus Sites that Attempt to Defraud Users. Details.

In my hands-on testing, Zango continues numerous practices likely to confuse, deceive, or otherwise harm typical users as well as practices specifically contrary to Zango’s obligations under its November 2006 settlement with the FTC.

Ben’s article and research: Zango Practices Violating Zango’s Recent Settlement with the FTC


ComScore Doesn’t Always Get User Consent

by certifiedbug on June 29, 2007

in Security

Spyware Researcher Ben Edelman published an article today regarding ComScore’s recent multiple RelevantKnowledge installations that occur without user consent.

Article and Video

Zango’s CEO speaks of lessons learnt

by certifiedbug on June 1, 2007

in Security

Washington CEO Article

By Keith Smith, co-founder and chief executive officer of Zango Inc., an online advertising and media company.

Every company runs into obstacles. My company, Zango Inc., has encountered more than most.

Then we encountered an obstacle that threatened our existence. The third-party software distribution network we had established had to be dismantled. Some of these partners, despite contractual agreements, were defrauding us and, more importantly, harming consumers’ computers. Zango became the subject of a Federal Trade Commission (FTC) investigation. We had long since ceased our partnerships and, in some situations, had filed legal actions against these no-gooders, but we nonetheless worked cooperatively with the FTC, outlining steps to provide additional protection to consumers. In the end, we reached a settlement that stipulated a list of rules by which we must abide, almost all of which we had already implemented as part of our distribution and technology transition.

Hmmm….

Spyware Still Cheating Merchants and Legitimate Affiliates
Ben Edelman. May 21, 2007 - Updated, May 22, 2007