Feeds

Security download must clearly disclose adware

Advertising.com settles FTC complaint

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Advertising.com has settled charges made by the Federal Trade Commission (FTC) that it failed adequately to disclose the bundling of adware with a free security download. The adware was mentioned, but only in a user licence that was easy to ignore.

The settlement with Advertising.com, which is now part of America Online Inc., does not require the payment of damages, only a promise that future downloads will clearly and prominently disclose any inclusion of adware.

The FTC began a crackdown on spyware and adware last spring.

Spyware is the term for software that is used to collect information about an individual or organisation without their knowledge. Often malicious in nature, it can be deposited as an e-mail attachment or as a website download and used to harvest passwords or other confidential data. Adware tends to be less malicious, generating adverts matched to browsing habits; but it can still be an invasion of privacy and a great annoyance for users.

The FTC began investigating Advertising.com after concerns were raised about its marketing in 2003 of free security software called SpyBlast.

The regulator charged that the company and its co-founder, John Ferber, distributed online ads warning that because a viewer's computer was broadcasting an internet IP address, it was at risk from hackers.

Consumers who clicked on an ad were shown an ActiveX “security warning” installation box, with a hyperlink describing SpyBlast as “Personal Computer Security and Protection Software from unauthorised users” and telling them, “once you agree to the License Terms and Privacy policy – click YES to continue.”

The link did not indicate the nature and significance of the terms of the licensing agreement – namely that adware would be installed on their computers. Consumers were not required to read the agreement before installing the software.

If consumers had read the agreement, they might have seen a statement explaining that by accepting the software, they agreed to receive marketing messages, including pop-up ads, based on their internet browsing habits, according to the FTC.

The FTC said the adware bundled with SpyBlast collected information about consumers, including the URLs of pages they visited, and used this information to send targeted advertisements.

The complaint charged that in representing SpyBlast as an internet security program, the respondents did not adequately disclose that SpyBlast included adware that caused consumers to receive pop-up ads.

It considered that the presence of the bundled adware would be material to consumers deciding whether to install SpyBlast and, therefore, that the failure to disclose it adequately was deceptive.

Under the terms of the settlement between the FTC and Advertising.com, the internet company is now prohibited from making any representations about SpyBlast or any other program promoted as security or privacy software, unless any accompanying adware is clearly and conspicuously disclosed to consumers.

The settlement also requires that the company comply with standard record keeping and other provisions to allow the Commission to monitor compliance with the order.

An AOL spokesman told Reuters that Advertising.com had abandoned its adware business before AOL acquired the company in 2004. "Advertising.com does not now and will not in the future distribute adware products,” he said.

See: Details of the complaint and settlement

© Pinsent Masons 2000 - 2005

Related stories

Related stories

Industry coalition takes stab at defining spyware
Zombie bots fuel spyware boom
MS downgrades Claria adware detection
Pop-up smut tops spyware chart
WhenU wins pop-up adware case
Anti-spyware market to rocket
Adware firm 180solutions in image makeover

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.