|Home » News » Roundups
April 24, 2002 10:42 PM UTC
Software companies, both legit and not, are starting to use client PCs as their private battlefield.
Calling the tactic 'malware at its worst,' Lavasoft said its Ad-Aware is being destroyed when users install the RadLight (no connection to Radsoft) multimedia player. The editors at Newsbytes have confirmed this. There is even mention of this nicety in the RadLight 1,100 word EULA, which goes on to prohibit use of Ad-Aware and similar utilities.
Representatives of the Slovak Republic based RadLight were of course not available for comment.
When installing RadLight, a document is displayed explaining that the program comes bundled with two 'small optional programs from other companies.' The programs include WhenU.com's SaveNow browser shopping companion and New.net's Web navigation plugin. Great stuff no doubt.
The EULA goes on to explain:
You are not allowed to use any third party program (e.g., Ad-aware) to uninstall application bundled with RadLight. Such programs will be removed.
It's evidently the SaveNow program which does the dirty work, and SaveNow which would have turned on Ad-Aware's warning lights - so it had to go. Besides SaveNow, Ad-Aware detects dozens of programs including Alexa, Aureate, Comet Cursor, Cydoor, Gator, OnFlow and TimeSink.
Lavasoft's Ann Christine Åkerlund immediately notified DOWNLOAD.COM, where the RadLight program had been made available, and CNET has removed the program from its website. Åkerlund recommends downloading Ad-Aware again to completely remove the destructive payload of the RadLight program. Yet great damage has already been done: CNET reports over 750,000 downloads as of February 2002.
Major Geeks are temporarily hosting a download site for Ad-Aware at the following URL.
In a related story, internet.com reports that AOL's AIM is sneaking itself into Microsoft's Internet Explorer's 'trusted zones' on install - so AOL can feed AIM users an endless stream of useless - and potentially destructive - junk.
Automatically designating the free.aol.com site as a Trusted site allows AOL to install cookies and even run code on a user's PC without their knowledge.
Rich Mogull, a senior analyst at Gartner Group's Gartner G2's growth strategies practice, says AOL's action violates all three elements of trust:
- Intent - the desire to operate within the boundaries of an agreement.
- Capability - the ability to fulfill the intent.
- Communication - the ability to instill belief in these abilities within the consumer/business partner.
'Businesses that allow the use of AOL Instant Messenger are also forced to trust AOL servers, despite whatever security and privacy settings (those businesses) have in place,' Mogull said. 'By forcing browsers to trust AOL, it violates the boundaries of the users' understanding of the relationship. By making these changes without notifying the user, AOL has failed to communicate either intent or capability.'
AOL's practice is particularly troubling, Mogull said, since it is vulnerable to an insidious and well known cyber attack known as 'cross-site scripting,' which allows an attacker to inject malicious code onto a system by hiding it as legitimate code from free.aol.com.
Luckily the cure is not far away. IE users need only remove free.aol.com from their list of trusted sites.
Victims of both these dirty tricks may survive this round of skirmish, but the ante has definitely gone up.