Slashdot Mirror
Yahoo Anti-Spy Favors Yahoo's Adware Partners?
prostoalex writes "Yahoo's new browser toolbar is advertised to clean out adware and spyware from the user's PC and from the sound of it is a good tool to rely on. Not so, says eWeek, whose Matt Hicks notices that Yahoo excludes by default two popular adware/spyware applications - Claria (ex-Gator) and WhenU.com - Claria has commercial bonding with Yahoo! Inc."
Does anyone else find it humerous that Yahoo! is carrying the story?
Yahoo is not the first to pull this stunt. At one time, Norton Internet Security (I think it was NIS2000, specifically) had known holes in the firewall component for different spyware applications. After enough people pitched a fit, they have since closed those holes (supposedly).
A love beyond compare...
Why would I install a "toolbar" to clean out spyware? Shouldn't I use an application dedicated to that?
-Letter
Claria is one of the most prevalent and intrusive spyware programs out there. It's a major omission to not handle it.
This just shows yet another benefit of open source software. When a publicly traded corporation is solely behind the development of a closed product, don't be suprised when they try to protect their interests, at the consumer's expense.
The Technonaut
You mean that thing that was really cool back in 1995 but has become the net equivalent of a tourist trap?
I haven't even visited the site in years, literally. Do people still use that? Between the slanted stories on the front page and the increasing use of flash on the site, they drove me away a long time ago.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Wonder how much they charged for that little "Feature" to Claria and whomever. It would be very Microsoft of them.
There'a always a catch, I think this might be true with AOL's spy blocking software too. After all they are "corporations" with an obligation to their shareholders. Advertizing makes a chunk of their revenues, and they aren't going to choke that golden goose, are they? For now I am sticking with Adaware.
Activists United
Should we take this news as a shocker, or is it somehow expected in commercial sense? Yahoo can probably claim those businesses are not considered spyware from its point of view, hence no removal.
And how long? How long before we start seeing Anti-Spam filters have built-in mechanism to let associates' spam emails through, even if you blacklisted them.
Rock that crushes, Paper & Scissors that don't matter.
I hope this doesn't surprise anyone. Seeing as how altruism is rarely profitable, this is exactly what I expected to hear sometime about an adware removal program.
No known commercial spyware for OS X or Linux
The next pasture is always greener
Why would anyone bite the hand that feeds them? Unless they have more than one hand :)
1) Write spyware
2) Team up with Yahoo!
3) ???
4) Profit!
Just like you can't report Launch.com e-mail to your Yahoo! mail account as spam. Of course, Launch.com is actually part of Yahoo! now.
lexbaby
"Be Brave, Be Loyal, Be True." -- Hawkeye Pierce
Ook, let's hold on a minute...AND RTFA (Again)! Yahoo's toolbar uses PestPatrol for its' spyware application, and even the article states that "On its Web site, PestPatrol does categorize software from Claria as adware." But later states that - "In a test of PestPatrol's free, online scanning tool, eWEEK.com confirmed that it does detect the presence of Claria's GAIN software automatically." Hmph, I says...I don't think (I dunno, maybe I'm not into the /. conspiracy theory mentality yet ;) ) Yahoo! is behind this, it smells like an issue with the PestPatrol software....But who knows?
Not everyone is out to get us, people....
My MythTV HowTo
I would not expect any other behaviour.
As a matter of fact,I find hilarious that one justifies that his own computer is "clean from spyware" because he runs a closed source gratis program.
Indeed, it is self-contradictory to run a closed-source program of this nature, just as it is at least risky run a closed source program of any nature if one is concerned about spyware/leechware/trojans/viruses at all.
-><- no
Some antivirus or anti-spam software may not detect a virus/spam that its competitors do, but the next day the situation is reversed. Which one is better? Ditto anti-Spyware. Install the Yahoo toolbar if you think it will help. You should still use other tools though.
If the suspicions raised in the article are true however, I do think there is an ethical question here that should play some part in your decision.
Do you or your partner snore? - Visit www.snoring.com.au
that they left in the ever welcome Bonzi Buddy
Gator/Claria is classified as 'adware' (as opposed to spyware) by the toolbar, and all adware by default is not blocked.
The toolbar will block them, it requires users clicking on a checkbox somewhere in the options. This makes it just a bit less sleazy.
Additionally: In a desperate attempt to fuel Yahoo's status as a search engine, the new Yahoo! toolbar blocks google.com via the hosts file...
Or not.. :)
The main problem with all of this is "where do you draw the line between spyware, adware, and software?"
Unlike viruses or worms, it's not at all clear where the line is between "good" and "bad." It may be that Claria has a valid business model, in which case they have a strong case that their software shouldn't be lumped in with the likes of clientman, or other truly nasty spyware. Certainly, their business model is not illegal today. (Of course, I personally don't like it, and would never use their software.)
Should Yahoo include "windows update" or "redhat update network" in their list of spyware?
These applications are out of control. To trick a user into installing (and sometimes, installing without asking) software that slows down the machine and floods them with pop up windows is worse then spam. At least with spam, you can delete it quickly.
In addition to this, I cannot count the number of times family members or neighbors have called me up asking for me to help them remove TONS of this junk from their machines. Its even worse when you have to update software just to remove the junk that has been installed. Some of these applications even force you to install other software to remove the offending software. This is ridiculous.
People trust Yahoo. For Yahoo to put a program out there on the market, and do this kind of thing on purpose? That is a pretty crappy thing for a company to do. I have lost what little respect I had for Yahoo..
Cyris
What goes around, comes around.
... but not entirely unexpected or illogical. They wish to protect their bottom line, after all, which is what all mega corporations are required to do to compete. Look at it from the point of view of the heartless corporation. ;-)
Of course it also means there's one more IE toolbar onto our 'banned' forever list. we used to allow the yahoo toolbar. >sigh
Screw you all! I'm off to the pub
I can't wait to install it on my Konqueror browser.
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
The first (and only) time I used this product to scan for xx-ware it found Claria and removed it.
What I am I doing right/wrong?
Cant we make anti-spyware apps that flood the spyware collection systems with LOADS of useless data?
Kinda makes spyware apps useless if they have to spend $$$ on extra bandwidth to handle the new data and $$$ on CPU Cycles to sort through the Krud.
hehe - and then watch as a new business of "anti-flood" filters are built for the spying companies!
Namely, "fun/amusement" applets -- think applets like "XEyes". Yes, I will admit, when I was in college I used to get a kick out of running things like "BartEyes" (A Bart Simpson knockoff of XEyes), and although I have outgrown them, My mom still likes her "Felix", a cat that walks around on her screen.
Felix is the last amusement applet I will ever let my mom run. I only let her run it now because it predates spyware being trojaned into these little applets. Today, I don't trust ANY fun/amusing "applet" because IMO they all potentially carry a spyware payload.
Sadly, I have noticed that this trend of spyware payloads has begun to move itself into mildly useful, free utitlity applets as well -- I have heard of a weather reporting applet and a time server synchronization applet carrying nasty payloads. I suppose it won't be much longer before the majority of nifty utilities from places like tucows.com are suspect.
I think sometimes that we live in sad times.
when i say, "NO DUH"??
LS
There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
This also bleeds into the issue that people have with EULAs: No one ever reads them.
The GAIN Trickler and other similar programs are very often installed legally and volutarily by users themselves. Oftentimes installing the software is predicated upon accepting these "malicious" programs. If a user has in fact agreed to install software, it may be (and yes, I'm playing the devil's advocate here) a perfectly logical step to avoid uninstalling it.
Imagine if the toolbar uninstalled program updates, patches, and other things automatically installed. We'd hate it. Of course, we're only complaining because it's not doing what we want; however, I don't think we should freak out at Yahoo. The program still operates within the scope of its definition.
Yahoo, in its *supposed* partnership with Gator (I prefer the old, more descriptive name) and WhenUClick, is participating in some twisted plot to eliminate all other spyware/adware programs. With no competition, Gator could become the unstoppable Big Brother.
slashdot is really really losing it. I've seen
more FUD this week than I've seen all last month,
maybe all year.
The tool does not favor "Yahoo's partners", as a
*30 second skim* of the f'in article tells you.
It simply doesn't scan adware by default. If
you click the box to scan adware, it does detect
Yahoo's partners products. The article isn't
clear on whether the product removes the adware.
The controversial part, read carefully now, is
that it detects *spyware* by default. It's
*adware* that isn't detected by default. They
shouldn't do one and not the other. I'm sure
I speak for all consumers here when I say, no
consumer, not a one, cares about the distinction.
(And the distinction is fuzzy at best anyway.)
Their product favors "adware", and some "adware"
producers are Yahoo partners. It's not as if,
like the slashdot article tries to imply, that
some adware is detected but not Yahoo's partners'.
It's like email viruses. You only get infected if you act like you don't care about getting infected. OR, if you act stupid. For about 4 years I have run Ad-Aware maybe a 4 times, and all I get as a result is few tracking cookies. And I Do use the internet more than average, I can tell you that. But then again, I am european ;)
:)
People get spy/ad-ware by doing stuff on the net. It's like walking in desert and finding oneself being thirsty but alas no water to drink.
Anti malware tools are like that water in the desert. Byt who the heck told you to go into that desert.
If you don't know what will happen from "yes", don't click on it. Preferably don't even click on "no". Kill the process
Off-topic? Goes with the motive, your honor...
(Nightshift and nothing to do, I admit)
-Is the meaning of life vanity, or is vanity the meaning of life?
Large corporation provides special treatment to those who give it lots of money... film at 11:00.
yawn.
Give me the patience that I need
h ttp://w ww3.yahoo.com/
To keep my piece of mind,
And with life's cares, I hope, Dear God,
Some happiness to find.
Let me google but for today,
Not worrying 'bout Ads ahead,
For I have trust that You will see
Gator and friends, all of them dead
Give me the courage to face the web's trials
And not from adware or spyware run,
Let me keep this thought in mind,
"My will, not Yahoo's, be done."
Oh I miss the yahoo I knew.
http://web.archive.org/web/19970201021647/
Quem a paca cara compra, paca cara pagará.
Wasnt it Yahoo that changed the "subscription" settings on all their current (at the time) email users to have them "opted-in" to all their spam partners not too long ago?
Fool me once...
...Rob
The American Dream isn't an SUV and a house in the suburbs; it's Don't Tread On Me.
AllAdvantage.com was one of those late-90s .com's with an incredible business plan that turned out to in fact not be credible enough to last. For those who never heard of it, it was the idea that users would run a "toolbar" on the bottom of their screen at all times, and then the company would send the users a monthly check for their cut of the ad revenue for the ads they were exposed to.
Sure, this was adware to the nth degree... but all of the users either knew or should have known what they were getting themselves into and they were on the financial take for their part in the scheme.
Of course, the major anti-malware products weren't around back then to weigh in on their opinions on these things. But, it's an interesting call. Nobody was ever tricked into installing this program, so would it be the duty of an anti-malware program to attack such a program, or just let it be?
http://www.safer-networking.org/
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
This is wrong, NIS did not make holes in the firewall for spyware. NIS had a method for applying preset rules to known programs so they would work without the user needing to be an expert. You and I might know that a web browser needs to access outbound on port 80, as well as FTP rules, but Joe User doesn't.
.EXE name to apply the rule, and it was quickly discovered that you could rename a malicious program to use the same name of a known good program and take advantage of those rules. This was quickly fixed by adding a digital signature database that tracked each known good EXE (each version released wherever possible) so that only the real programs could take advantage of this functionality.
This is a great way to make a firewall usable for novices, but it had a flaw. It used the
A couple of people saw the preset rules when NIS was originally released and made the assumption that since they listed a bunch of programs, there must be spyware in there. This was not true, and the NIS team watched those new rules like a hawk to make sure that no bad guys got in.
How do I know this? Because I worked on NIS 2000 2.0 and had the privilege of leading the NIS 2001 through NIS 2004 quality assurance team.
FUD is not something that Microsoft has a monopoly on, as the parent post proves, well meaning but wrong end users can dish it out too.
Felix is the last amusement applet I will ever let my mom run.
:)
Ah, how the tables turn when one grows up and learns about computers.
Need Free Juniper/NetScreen Support? JuniperForum
yahoo mail (you can actually get *gasp* POP3)
You can POP3 your Yahoo mail, but it requires paying $30/year. I want to do this, but am scared about the automatic renewal. There is no option to have it automatically stop at the expiration date. The consumer would not lose anything since the account would revert to the normal free webmail until another payment was received, and they could easily send reminders before and after the expiration.
I had Geocities and Yahoo mail. Geocities always allowed POP3. After Yahoo bought them, I merged the accounts and was able to POP3 from both accounts. Then Yahoo started charging. I received an email advertisement about the "new service" every time I tried to POP3.
I dislike that Yahoo's webmail does not work in Mozilla as well as MSIE. I wish they would hire some good standards-aware web developers. Their spam filter works very well, but did not work with POP3 the last time I used it. The spam would be in the Junk folder in webmail, but there was no option to exclude the Junk folder from POP3.
---
I use Yahoo's movie listings and their maps. Mapquest's maps do not appear in Mozilla (with my settings?), and Yahoo's maps do.
I spend my life entertaining my brain.
In its spyware-fighting tool released in beta last week, Yahoo Inc. left out for automatic detection a category of often-unwanted software for which its paid search division has a financial stake. Yahoo's Anti-Spy beta for its browser toolbar doesn't include adware by default when it scans users' systems for unwanted programs.
[ ... ]
Among the programs the Sunnyvale, Calif., company classifies as adware are controversial ones from Claria Corp. (formerly The Gator Corp.) and WhenU.com Inc., two common targets of spyware critics who say the companies trick users into accepting unwanted downloads and flood machines with pop-up ads.
With Claria, best known for its Gator eWallet application, Yahoo is also a business partner. Claria, based in Redwood City, Calif., delivers pop-up and other forms of advertising from its GAIN ad network through software downloaded onto users' machines.
I got sick of supporting my friend's dad's computer. No matter what I did to it, he still managed to fill it with viruses and spyware. It was insanity. I had things set to autoupdate signatures and automatically run, but to no avail.
So last week he said he wanted a new computer, gave me his credit card number, told me what apps he needed, and let me order him one. I got him a shiny new Apple. No more friggin' spyware and virus hell, no more support calls for when his browser keeps crashing, and the security on it is miles higher than what he had with WinME. Plus, if he needs support, he can just go down to the local Apple Genius Bar.
I'm sure plenty of malware for the Apple will come, it's just a matter of time. But for now, I don't have to deal with it, and the Apple actually suits his business much better than his old windows box did.
Need Free Juniper/NetScreen Support? JuniperForum
Yahoo's lawyers obviously do. The fact that the "Adware" category isn't set for removal by default is Yahoo's fuckup - the fact that Gator is in that category is probably a decision made by their lawyers.
What's far more insidious is likely to be all the bots/spyware/trojans that will, by next week, be disabling this portion of Yahoo's product the moment they find it just like viruses go after virus scanners and several trojans spyware programs go after Ad-Aware/Spybot/etc already.
Here is a screenshot that shows how simple it is to remove adware using the tool.
Yahoo Anti-Spy
The article makes it sound like you have to go clicking through a bunch of option screens, but the truth is that removing adware is exactly one click more complex that simply running the program.
You guys are so ready to excoriate Yahoo, but all they've done is provide a free, easy-to-use tool for common users to delete crap from their computers. So what if they rely on the user to click *one cleary labeled check box* to delete software created by Yahoo's own business partners?
Keep in mind that the program has no negative side effects...even according to the progam's critics, its worst sin is a sin of omission.
It can amount to the same thing though. It's an old trick in ideology and politics (and I guess business as well) to redefine other groups in such ways as to suit your purposes. For example, what are you willing to bet that groups that are pro-US are not classified as "terrorist" even if they use similar tactics? This then means they are not subjected to the same legal restrictions that groups classified as terrorist are. Note also that while we call extreme Islamic groups 'terrorists' they also call the US 'terrorists' and themeselves as 'holy warriors'. The way you label your enemies and your friends is one way to serve your own interests while being to able to *deny* it. Other way these tricks are played are for example the definition of "poverty-stricken". For example in China recently, the rate of those in poverty suddenly rose over-night, literally, as before that, China had been defining "poverty" in such a way as to exclude people who were literally scraping a bare living so as to be able to reduce the official statistics of who was living in "poverty". They decided to redefine "poverty" because they figured the economy was good enough and the state was stable enough to afford it. Western governments also play tricks like this with the definition of "employment".
It seems to me that if they really wanted to do something about these companies they could start by not accounting for 31% of their profits.
Saying Java is nice because it works on all OS's is like saying that anal sex is nice because it works on all genders.
oh
If you check the "also check adware" button, it will remove Claria. I've done this.
It doesn't remove any kind of adware by default, Claria or no.
Ben
If Tyranny and Oppression come to this land,
it will be in the guise of fighting a foreign enemy. -James Madison
First off, nobody actually reads those things until there's a pressing need (e.g. Why did my account get canceled? or Why am I getting spam? or Why won't the store let me return this defective/crappy software I just bought? ).
We all know they're not legally binding against the person who did the clicking, but they do provide a small amount of legal CYA for the content/service provider. I view clickthroughs as the moral equivalent of telephone slamming. For those unfamilar with the concept: Telemarketers record you saying "yeah" to something innocuous, then use that tape to defend the new "services" they've added to your telephone bill. Now instead of a tape, they have a record of your click, so they can claim they have the right to do anything they crammed into the 100page all-caps document displayed in a 4x60 scrolling window.
Personally, I think it should be illegal (in the US) to create a clickable AUP/TOS/EULA that says anything remotely resembling "we reserve the right to spam you, monitor your activities, install software, take over your machine, etc" (Of course, I also think it should be illegal to target minors with product advertisement; however, that's another battle I'll always end up losing.)
I've never used these so-called "browser toolbars" because they seem to only work on inferior browsers (= MS Internet Explorer) on toy OSes (= Windows), upon neither of which would I waste a precious CPU cycle; so perhaps I'm not the fittest person to comment here.
But how come, when people install these things, they don't just do the nearest thing to what I would do when installing a package with functionality I didn't want: edit the source code with whatever Windows has instead of vi, and comment out all the spyware-ish bits, before they do whatever Windows does instead of make? Maybe they could even do whatever Windows does instead of diff to create a patch, and offer that for download from their own site.
If people aren't smart enough to do that, they probably deserve the consequences.
Je fume. Tu fumes. Nous fûmes!
This is typical yahoo!. I have a love hate relationship with yahho! since they have quite a few good, free, services. Things like free fantasy sports, of which just about any other system with that much organization has gone pay in some way. (Yahoo does have pay for extra functionality.. but if you have some whits about you and like looking at stats and figure out some points on your own .. you don't need it.) Also Free e-mail, of which i like using.
.. it tells you where to go once you've actually started geting this spam.
.. So i open it, and low and behold i see some relation to yahoo. I'm pissed now. I mean this is spam .. and they say the block spam or at least put it into a BULK folder for if you wanna view it you can .. or you can just empty. So i say to myself, "I'm gonna show you, I'll mark this as spam". To my suprise and very much anger the message WAS FREAKING SET IN SUCH A WAY that the spam blocker said the message was innelligable to be blocked!!!!
.. i found about as many ad director e-mail addresses, VP's addresses, and a couple of other higher Uppermanagement e-mail addresses i could find. I put them all in the to: block of an e-mail forward with a Screenshot of the unblockable and forward of the message and wrote a concise but very vehement message to them all about how i thought their company was being hypocritcal with such actions.
.. and i won't bitch anymore. 2. other people bitched like i did, and they stopped that stupid shit.
Now with that said the reason it doesn't suprise me is cause of an incident i had with Yahoo! mail's spam blocker quite a few months ago.
1. They have by default in a setting list thats not really related to your e-mail account a list of ON BY DEFAULT e-mail ad lists that you get put on. In their defense
2. This is the Kicker. I started getting some other e-mails from Yahoo.com affiliates and themselves. I was kinda suprised it didnt come up in spam bin, cause it wasn't really obvious it was from yahoo. I was confused
After this incident i rooted around on yahoo's website
So since then.. i've never gotten anything from yahoo like that... either 1. they put me on a special list so i don't get it
Who makes you Sig?
But this isn't the only issue that Yahoo is two faced about-- They are also very conflicted over pay for inclusion in their search engine:
Personally I think they've kept the pay for inclusion because they've got thousands and thousands of people paying for it and they don't want to kill that revenue stream-- even though they are perfectly capable of functioning without it like Google.
This feeling also applies to their continued partnership with Gator/Claria-- it makes them too much money to dump them.
Finally-- Does Gator's name change to Claria remind anyone else of Phillip Morris' failed name change to Altria? Name change or no, they'll never live down their sleezy reputation that they EARNED themselves.
Keep fighting the good fight!
...unfortunately no one can be told what The Mat^H^H^HGoatse is...they must experience it for themselves...
We get upset when hugely profitable companies steal stuff do other illegal stuff at the expense of worthy, under-paid programmers to make a profit on it.
We do not get upset when individuals ignore a corrupt law that tramples over fair-use rules in order to catch criminals that make NO monetary profit who are stealing from some of the most corrupt companies around.
The RIAA does not represent artists. It represents recording companies, producers etc. Have you SEEN their contracts? They continue to have clauses that state "The company shall only pay the artist based on 90% of sales, to account for an estimated 10% breakage." Yes, LP's had about 10% breakage. CD's have a breakage rate of less than 1% but the scum-bags still rip off the artists. And this is only ONE of severl ridiculous clausses of the standard contract.
The truth is that if P2P stopped entirely, I doubt the artists would get 10% more in sales. If the RIAA and their companies vanished today and the artists went to CD-BABY and similar services, the artists would end up making more money.
excitingthingstodo.blogspot.com
Is there any good reason to use POP3 over IMAP, aside from some services not offering IMAP access?
POP3 allows downloading your inbound mail to a local client. The only choice is whether to delete the mail from the server at the time of the download or let it remain on the server (useful when using a temporary client.)
IMAP replicates your entire mail file (email and folders) to clients. You use more space on the server and all clients, but your mail looks the same on all PCs.
If you only use one PC, then POP3 is fine. If you use one PC as the master, and occasionally want to check your mail from other PCs, then POP3 is fine. If you are putting your mail into another system that allows mail replication, then POP3 is good because it empties the other servers.
If you use multiple clients and want to maintain your folders, then either use that last option, or use IMAP.
---
I have mail pulled from several sources into my Lotus Notes mail file, which is then replicated between my home systems and several internet servers for redundant access from anywhere, including webmail. I use POP3 to pull the mail from all other systems. My mail database sorts it into folders depending on where it originated.
IMAP was designed to grant Notes-like abilities to email. If you want a distributed system and do not have Notes, then IMAP is a good alternative, as long as your mail servers support it. (Lotus Notes servers support webmail, POP3, IMAP, and Notes replication, so you can use your Notes infrastructure with every standards-based mail client.)
I spend my life entertaining my brain.
This isn't so much a new thing. SRC Technologies in Hilliard, OH makes a spyware remover called SpyBouncer that checks for adware and malicious spyware. The same parent company also sells KeyLogger, a program that does just that-- it logs all keystrokes (including passwords, SSNs, credit card numbers, your pr0n searches, etc.) into a hidden file for retreval later. I sent a message to the SpyBouncer tech support group asking if it will remove KeyLogger. No response. One could take that to mean "No". Kinda like the fire department selling white phosphorus grenades to children, IMHO.
This sig is exempt from disclosure under the privacy Act of 1974.