Feeds

Security download must clearly disclose adware

Advertising.com settles FTC complaint

  • alert
  • submit to reddit

High performance access to file storage

Advertising.com has settled charges made by the Federal Trade Commission (FTC) that it failed adequately to disclose the bundling of adware with a free security download. The adware was mentioned, but only in a user licence that was easy to ignore.

The settlement with Advertising.com, which is now part of America Online Inc., does not require the payment of damages, only a promise that future downloads will clearly and prominently disclose any inclusion of adware.

The FTC began a crackdown on spyware and adware last spring.

Spyware is the term for software that is used to collect information about an individual or organisation without their knowledge. Often malicious in nature, it can be deposited as an e-mail attachment or as a website download and used to harvest passwords or other confidential data. Adware tends to be less malicious, generating adverts matched to browsing habits; but it can still be an invasion of privacy and a great annoyance for users.

The FTC began investigating Advertising.com after concerns were raised about its marketing in 2003 of free security software called SpyBlast.

The regulator charged that the company and its co-founder, John Ferber, distributed online ads warning that because a viewer's computer was broadcasting an internet IP address, it was at risk from hackers.

Consumers who clicked on an ad were shown an ActiveX “security warning” installation box, with a hyperlink describing SpyBlast as “Personal Computer Security and Protection Software from unauthorised users” and telling them, “once you agree to the License Terms and Privacy policy – click YES to continue.”

The link did not indicate the nature and significance of the terms of the licensing agreement – namely that adware would be installed on their computers. Consumers were not required to read the agreement before installing the software.

If consumers had read the agreement, they might have seen a statement explaining that by accepting the software, they agreed to receive marketing messages, including pop-up ads, based on their internet browsing habits, according to the FTC.

The FTC said the adware bundled with SpyBlast collected information about consumers, including the URLs of pages they visited, and used this information to send targeted advertisements.

The complaint charged that in representing SpyBlast as an internet security program, the respondents did not adequately disclose that SpyBlast included adware that caused consumers to receive pop-up ads.

It considered that the presence of the bundled adware would be material to consumers deciding whether to install SpyBlast and, therefore, that the failure to disclose it adequately was deceptive.

Under the terms of the settlement between the FTC and Advertising.com, the internet company is now prohibited from making any representations about SpyBlast or any other program promoted as security or privacy software, unless any accompanying adware is clearly and conspicuously disclosed to consumers.

The settlement also requires that the company comply with standard record keeping and other provisions to allow the Commission to monitor compliance with the order.

An AOL spokesman told Reuters that Advertising.com had abandoned its adware business before AOL acquired the company in 2004. "Advertising.com does not now and will not in the future distribute adware products,” he said.

See: Details of the complaint and settlement

© Pinsent Masons 2000 - 2005

Related stories

Related stories

Industry coalition takes stab at defining spyware
Zombie bots fuel spyware boom
MS downgrades Claria adware detection
Pop-up smut tops spyware chart
WhenU wins pop-up adware case
Anti-spyware market to rocket
Adware firm 180solutions in image makeover

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.