Yahoo Anti-Spy Favors Yahoo's Adware Partners?

prostoalex writes "Yahoo's new browser toolbar is advertised to clean out adware and spyware from the user's PC and from the sound of it is a good tool to rely on. Not so, says eWeek, whose Matt Hicks notices that Yahoo excludes by default two popular adware/spyware applications - Claria (ex-Gator) and WhenU.com - Claria has commercial bonding with Yahoo! Inc."

This is not a first

[KoriaDesevis]

Yahoo is not the first to pull this stunt. At one time, Norton Internet Security (I think it was NIS2000, specifically) had known holes in the firewall component for different spyware applications. After enough people pitched a fit, they have since closed those holes (supposedly).

Re:This is not a first

[Xtifr]

Netscape 7.1 had a similar (though not as bad) thing: their popup-blocking, by default, didn't work on their site or that of some of their "selected partners". Unlike Norton, though, I think they're unlikely to change this in future versions (fortunately, I finally managed to persuade my brother to switch to firehyena, or whatever it's called).

Only impacts Microsoft Windows users

[XavierItzmann]

No known commercial spyware for OS X or Linux

Re:Only impacts Microsoft Windows users

[karmatic]

Actually, I've come across 3 spyware XPIs so far. One of them simply downloaded their .exe, ran it, and installed their IE spyware on your system.

The other 2 actually manipulated the Mozilla DOM, and as they were written in java, they can work just fine in OS X, or Linux.

Is anyone surprised?

[andalay]

Why would anyone bite the hand that feeds them? Unless they have more than one hand :)

Yahoo! Mail Spam Filter

[lexbaby]

Just like you can't report Launch.com e-mail to your Yahoo! mail account as spam. Of course, Launch.com is actually part of Yahoo! now.

Well... it is a proprietary closed source program

[Pope+Raymond+Lama]

I would not expect any other behaviour.
As a matter of fact,I find hilarious that one justifies that his own computer is "clean from spyware" because he runs a closed source gratis program.

Indeed, it is self-contradictory to run a closed-source program of this nature, just as it is at least risky run a closed source program of any nature if one is concerned about spyware/leechware/trojans/viruses at all.

Re:EULA

[abscondment]

This also bleeds into the issue that people have with EULAs: No one ever reads them.

The GAIN Trickler and other similar programs are very often installed legally and volutarily by users themselves. Oftentimes installing the software is predicated upon accepting these "malicious" programs. If a user has in fact agreed to install software, it may be (and yes, I'm playing the devil's advocate here) a perfectly logical step to avoid uninstalling it.

Imagine if the toolbar uninstalled program updates, patches, and other things automatically installed. We'd hate it. Of course, we're only complaining because it's not doing what we want; however, I don't think we should freak out at Yahoo. The program still operates within the scope of its definition.

Is it possible that...

[mealtime_warrior]

Yahoo, in its *supposed* partnership with Gator (I prefer the old, more descriptive name) and WhenUClick, is participating in some twisted plot to eliminate all other spyware/adware programs. With no competition, Gator could become the unstoppable Big Brother.

Re:This is a farce...

[gcaseye6677]

It doesn't necessarily require an open source application to clean spyware off your computer. It just requires a company to produce software for the purpose of keeping your computer safe and running well, as opposed to creating it for the benefit of hidden advertising deals (I assume Claria gave them something for not removing their crap). The best way around this is to use multiple spyware scanning tools (Spybot + AdAware, for example). Claria probably won't make a deal with all the spyware remover companies.

Dear God

[rcastro0]

Give me the patience that I need
To keep my piece of mind,
And with life's cares, I hope, Dear God,
Some happiness to find.

Let me google but for today,
Not worrying 'bout Ads ahead,
For I have trust that You will see
Gator and friends, all of them dead

Give me the courage to face the web's trials
And not from adware or spyware run,
Let me keep this thought in mind,
"My will, not Yahoo's, be done."

Oh I miss the yahoo I knew.
http://web.archive.org/web/19970201021647/h ttp://w ww3.yahoo.com/

Re:This is a farce...

[LostCluster]

How exactly would having the source being readable change this situation. Claria/Gator is in the settings ready to be blocked... it just starts unblocked in the default setup.

I think this is just a side effect of Claria's lawsuits going after any body who calls them bad names such as "spyware". Yahoo's willing to block them, but they don't exactly want to take on this legal fight.

Maybe the best compromise is to leave everything unblocked by default... and then the start-up wizard can allow users to click on the blocks one-by-one with a nice easy "select all" available if they'd rather bypass that step. Something along the lines of "Submitted for your approval... these are the programs that in our opinion are worth blocking, do you agree?"

Re:Wait a tick!

[LostCluster]

And we also know that Claria is very agressive in suing anybody who dares classify them as "spyware"... so PestPatrol's decision is likely one of lawsuit-avoidance than an in-the-pocket protection.

Re:spyware vs. adware vs. software

[t1m0r4n]

Unlike viruses or worms, it's not at all clear where the line is between "good" and "bad."

Personally, I draw the line in the "Add/Remove Software" control panel. If the app has a clear definition and can be removed as easily as a legit piece of software, then it is alright by me. (This also implies that it was voluntarly installed as any other piece of software, i.e. went to download.com or similar place and selected the software based on an honest description to fill a users need.) I have no idea why someone would volunteer to have a computer used as a spam relay or be subjected to endless pop ups, but if that's what people want, so be it. But it should also be easy to remove without the use of extra software.

The mere idea that special software is neeeded to remove the junk, and, yet, no one is being prosecuted makes me very very angry. However, as I haven't had a personal computer infected with anything in a few years, I don't have anything to go.

Actually that's probably a "COVER OUR ASSES"...

[Moryath]

Remember how much Claria/Gator pitched a fit at sites on the 'net who were calling them spyware (YOU'RE SPYWARE SPYWARE SPYWARE GODDAMNIT YOU LOUSY LIARS - I've seen your trickler bullcrap and the javascript on webpages that slips the trickler into Windows, it's invasive spyware and that's final), going as far as to threaten legal action against a few?

Yahoo's lawyers obviously do. The fact that the "Adware" category isn't set for removal by default is Yahoo's fuckup - the fact that Gator is in that category is probably a decision made by their lawyers.

What's far more insidious is likely to be all the bots/spyware/trojans that will, by next week, be disabling this portion of Yahoo's product the moment they find it just like viruses go after virus scanners and several trojans spyware programs go after Ad-Aware/Spybot/etc already.

Re:Absolutely untrue

"I worked on NIS 2000 2.0 and had the privilege of leading the NIS 2001 through NIS 2004 quality assurance team."

Interesting. IMHO Nav2000 was the last decent NAV made. Or was it 2001? Which one was the last that worked on Servers? I'm not saying you personally are to blame for anything but most people I know in IT including myself say that from then on it got more and more bloated and caused more and more problems. Not all norton AV is bad, the CE has always been decent. But man, after seeing how far Nav went downhill in the last 4 years I have to question if you were being sarcastic when you said "privilege". Now I won't touch the consumer version of Nav with a 10 foot pole.

Re:No need for spy/ad-ware removal tool...

[SamNmaX]

It's like email viruses. You only get infected if you act like you don't care about getting infected. OR, if you act stupid. For about 4 years I have run Ad-Aware maybe a 4 times, and all I get as a result is few tracking cookies. And I Do use the internet more than average, I can tell you that. But then again, I am european ;)

This is not true. I personally managed to get adware on my system through bearshare before adware became as well known as it is. While you can only take my word for it, I do know very well what I'm doing with a computer, so it was not out of the type of ignorance you imply. I also just had the fun of cleaning up a ton of spyware a friend of mine got, who knows very well of adware and habitually clicks the 'no' button when it asks to install an ActiveX control, but accidently hit 'yes' once and found his system crawling with the crap.

These programs are trojans. While in some cases they make it 'known' what is being installed (as in, say, the adware version of DivX), they often are snuck in either through freeware or through ActiveX. While with email, you have to make at least a conscious effort to load that attachment, adware can hit even the best of us.

re: AUP/TOS/EULA

First off, nobody actually reads those things until there's a pressing need (e.g. Why did my account get canceled? or Why am I getting spam? or Why won't the store let me return this defective/crappy software I just bought? ).

We all know they're not legally binding against the person who did the clicking, but they do provide a small amount of legal CYA for the content/service provider. I view clickthroughs as the moral equivalent of telephone slamming. For those unfamilar with the concept: Telemarketers record you saying "yeah" to something innocuous, then use that tape to defend the new "services" they've added to your telephone bill. Now instead of a tape, they have a record of your click, so they can claim they have the right to do anything they crammed into the 100page all-caps document displayed in a 4x60 scrolling window.

Personally, I think it should be illegal (in the US) to create a clickable AUP/TOS/EULA that says anything remotely resembling "we reserve the right to spam you, monitor your activities, install software, take over your machine, etc" (Of course, I also think it should be illegal to target minors with product advertisement; however, that's another battle I'll always end up losing.)

The Solution is Simple

[ajs318]

I've never used these so-called "browser toolbars" because they seem to only work on inferior browsers (= MS Internet Explorer) on toy OSes (= Windows), upon neither of which would I waste a precious CPU cycle; so perhaps I'm not the fittest person to comment here.

But how come, when people install these things, they don't just do the nearest thing to what I would do when installing a package with functionality I didn't want: edit the source code with whatever Windows has instead of vi, and comment out all the spyware-ish bits, before they do whatever Windows does instead of make? Maybe they could even do whatever Windows does instead of diff to create a patch, and offer that for download from their own site.

If people aren't smart enough to do that, they probably deserve the consequences.

This isn't the only issue Yahoo flip flops on!

[celerityfm]

From reading the article you get the feeling that one hand doesn't know what the other is doing over at Yahoo-- while they are offering antiadware/spyware programs, they simultaneously support Claria/Gator through their Overture pay per click advertisment subsidiary.

But this isn't the only issue that Yahoo is two faced about-- They are also very conflicted over pay for inclusion in their search engine:

"The difficulty with [pay for inclusion] hasn't changed, as you can see using current material from Yahoo:

'Yahoo...today announced that it has created a more comprehensive and relevant search experience for users through the deployment of its own algorithmic search technology' --Yahoo Press Release, Feb. 18, 2004

Sounds like good news for searchers. But wait! What are advertisers being told about Yahoo-owned Overture Site Match, which feeds paid inclusion content into Yahoo's search results?

'Eliminate guesswork: Ensure that your pages are reviewed and included in the search index quickly and refreshed frequently. No waiting for search engines to find your site or guessing which content will be included.' --Overture Site Match product page, May 18, 2004

On the one hand, searchers are told that Yahoo has a comprehensive and relevant search engine, which you'd also assume means it's fresh. On the other hand, site owners are told that Yahoo's search engine apparently just guesses about what to include and may not refresh that content frequently.

Is it any wonder that Yahoo's gained bad press after unveiling its new programs? Either you have a great search engine or you don't. Trying to play it both ways simply doesn't fly."

Personally I think they've kept the pay for inclusion because they've got thousands and thousands of people paying for it and they don't want to kill that revenue stream-- even though they are perfectly capable of functioning without it like Google.

This feeling also applies to their continued partnership with Gator/Claria-- it makes them too much money to dump them.

Finally-- Does Gator's name change to Claria remind anyone else of Phillip Morris' failed name change to Altria? Name change or no, they'll never live down their sleezy reputation that they EARNED themselves.

Keep fighting the good fight!