Lots of news lately about Microsoft downgrading Claria (and other applications) to “Ignore”. Just what does this mean? Not much in practice, but more in philosophy.
Let me explain: There are very few antispyware programs I’m aware of that have an “Ignore” option, with Microsoft Antispyware and Sunbelt CounterSpy being the most notable. And that’s because they both originally shared the same code base (although each product has gone in its own direction).
The practical aspects to this approach is that either one of us can modify the recommended action for the user, to one of three options: Ignore, Quarantine or Remove. The idea (at least from our perspective) is to use Ignore on programs that are relatively harmless. Quarantine is the next level up. And Remove is reserved for truly pernicious applications that need to get off the system right away.
Most other antispyware programs simply offer to quarantine a piece of spyware. That’s not to say that’s wrong, it’s just a different approach.
Setting the “Ignore” flag is part of an assessment of adware that becomes multi-dimensional. It starts with two basic aspects: The threat level (High, Moderate, Low, etc.) and the default recommended action (Ignore, Quarantine, and Remove). So you can set a dangerous piece of spyware to “High Threat”, “Remove”; you can set a run-of-the-mill adware program to “Moderate Threat”, “Quarantine”; or set a relatively harmless adware program to “Low Risk”, “Ignore”. It gives a great deal of flexibility in defining what a threat is.
Now, there are relatively innocuous adware programs that merit being set to Ignore. Let’s use WeatherBug as an example. In most or all cases, people downloaded the program with the intent of getting weather alerts. Disclosure is fairly adequate, it doesn’t blast popups in your face while you’re surfing, it’s not installed through stealth, etc. So that is a case where one might say “Ok, we’ll put it in as Ignore, because chances are that someone actually wanted this, but we need to make sure the user knows it’s on their system”.
Another use of “Ignore” is for applications which might cause a privacy risk for a user. For example, a remote control program used in the wrong hands is a dangerous piece of spyware. However, in almost all cases, the user already knows about the remote control program on their system, so we simply offer advice on what the potential threat is and put the default action to Ignore.
Here’s the interesting part: “Ignore” is often ignored by users. That is to say — you can put Ignore in as a recommended action, and many users may still remove the application.
The problem is the thinking behind this. Those judgment calls are part of the gray area of adware definitions. And this is where I stop. Because there are a number of fundamental problems in the industry these days with defining adware:
“Standards are needed!” Don’t listen to the BS (largely coming from PR flacks in the adware business) that “standards are needed to define what is adware”. It’s not an issue of standards. If you’re stupid enough not to be able to tell the difference between an ad-supported copy of Eudora and Hotbar, well get out of the business. It’s adware. Period. See this post for more.
“Objective Criteria”. We’ve seen others get into this trap. They want to solely rely on “Objective Criteria” to determine what adware is. That is to say, you plug in the various attributes of a program, and the objective criteria tells you whether to list it or not in your database. Of course, it’s human nature to try to have some taxonomy, some order.
This is so idiotic it’s painful. All that happens is adware companies simply work themselves into the “Objective Criteria”. It also doesn’t take into account the real issues in defining adware, which often come from your gut. Isn’t it obvious that there is a difference between AOL Instant Messenger (which is ad-supported) and Hotbar? Of course there is. But if you rely on objective criteria, you will get stuck in a trap of not being able to list a program.
We agonized over our listing criteria, as do many other commercial antispyware companies. We consulted with our lawyers. We carefully evaluated all the gray areas. And we came to the conclusion that you cannot rely on an objective criteria alone when defining adware. At some point, you have to rely on your ability to observe and think — beyond the confines of an “Objective Criteria”.
“Antispyware is a business”. Well, it is, but it isn’t. If you’re in the business of making antispyware tools strictly to make money, or to fill another slot in a product portfolio, or to sell more overpriced subscription products, you’re in the wrong game. Antispyware vendors have a duty to users which goes above the normal duties of making software.
Your users are relying on you to make the tough calls, to take the heat, and even go to court if you have to. It’s why they shelled out the bucks to buy your product. It’s not something to be done by committees.
A number of very smart men have said that there are no statues for committees. And that’s true. In the antispyware business, there has to be a strong, central philosophy that flows throughout the organization. That philosophy usually comes from one or two people. Obviously, the problem at Microsoft is that they have competing demands in the organization — Legal wanting to stay out of lawsuits, MSN trying to make a business in online marketing and the antispyware people trying to make a good antispyware product.
“Being reasonable”. Being reasonable is a trap in this business. Adware vendors all have “reasonable” arguments as to why they shouldn’t be listed. Remember your users, those people who sprang their hard-earned money to buy your product, and then think twice about “being reasonable”. As my grandfather used to say in his classic irascible way: “You want a medal, or a chest to pin it on?”
Now, I temper my normal aggressive rhetoric with some balance. To those adware vendors who read this blog (and there are many), you will always get fair and just treatment from us. We’re not crazed vigilantes in a mindless battle against advertising. We know that you’re running a business. It’s just that we’re in the business of protecting users and enterprises from adware and spyware. And that goes above any other discussion.