AOL antivirus software slammed by consumer advocates
Security tool raises adware, privacy questions
August 18, 2006 (IDG News Service) -- Just days after posting details of searches made by hundreds of thousands of subscribers, AOL LLC is in hot water again with consumer advocates. This time the issue is with the company's Active Virus Shield antivirus software, released last week.
At issue is the software's licensing agreement, which authorizes AOL to gather and share data on how the software is being used and permits AOL and its affiliates to send e-mail to users. "If you go through the installation, just as any normal user would, there is not the slightest hint of any advertising functionality or data gathering of any kind," said Eric Howes, director of malware research at anti-spyware vendor Sunbelt Software Inc.
Active Virus Shield uses Kaspersky Lab Ltd.'s well-regarded antivirus software and comes with an optional security toolbar that blocks pop-up ads and manages passwords. The software is available free to anyone who wishes to download it.
Although security experts, including Howes, say that Active Virus Shield does not behave in a malicious fashion or serve up unwanted ads, some are concerned that the product's end-user license agreement (EULA) would allow AOL to send spam or serve up adware at some point in the future. "If it actually does any of the things stated in the EULA, we would actually flag it as spyware," said Christina Olson, a project manager at Stopbadware.org.
The Active Virus Shield agreement gives AOL much broader rights to collect information and then to share that information with third parties than typical EULAs, observers said.
A prohibition against blocking ads also caught Olson's attention. "If you have any ad-blocking software up, you're basically violating their EULA, which is ridiculous," she said.
After being contacted by IDG News, AOL said it now plans to alter the licensing agreement. "We are updating the EULA to address any concerns," said Andrew Weinstein, a company spokesman. "We are reserving the right solely to send periodic marketing e-mails that users will have the choice to opt out of."
Adding to AOL's troubles is the fact Active Virus Shield's security toolbar is based on a product with a questionable reputation. An earlier version of this software, known as the Softomate toolbar, is flagged as adware by Kaspersky's own antivirus products.
"We don't use the earlier code because it was used by a malware provider," Weinstein said. "That's why Kaspersky looks for it."
While AOL's toolbar is not considered to be adware, observers say that AOL, which prides itself as a fierce opponent of adware and spyware, could have based its own toolbar on a better product. "I don't understand how a legitimate company like AOL provides software that can be classified as rogue," said Aviv Raff, a security researcher based in Israel.
After examining AOL's toolbar, Raff discovered a flaw in the software that would allow hackers to change the toolbar's configuration options. While the flaw does not in itself present a security risk, it could be used in combination with other types of malicious software to do things like pop up bogus search results, he said.
"The problem is similar to the Sony rootkit issue," Raff said referring to Sony BMG Music Entertainment's notorious copy protection software, which was found to be the source of security issues late last year. "A big company chose an external company's software and rebranded it as their own, later to discover it might be bad after all," he said.
AOL's licensing problems come at a sensitive time for the company. Earlier this month, the Internet service provider weathered a public relations disaster after an AOL researcher inadvertently exposed data on about 19 million Web searches performed by 658,000 users.
Erik Larkin of PC World contributed to this story.
Originally posted by: supafly
FWIW if you guys haven't read this yet:
http://www.computerworld.com/action/art...c&articleId=9002564&source=rss_topic85
Originally posted by: AnyMal
Originally posted by: supafly
FWIW if you guys haven't read this yet:
http://www.computerworld.com/action/art...c&articleId=9002564&source=rss_topic85
Well, you know what they say about free lunch....
Originally posted by: Slikkster
Here's a good article to show you just how UNPROTECTED you are, even with strong anti-virus and anti-spyware installed. A real good comparison of how many popular programs, including the full version of Kaspersky 6, perform.
One thing mentioned in the bottom of the article is using virtual desktops for protection. One very cool one (AND FREE) is "Sandboxie". It will load up right inside windows, and let your surf and load programs in a virtual and protected "sandbox", which provides a tremendous amount of protection. It's an outstanding free program.
Here's the article on the anti-virus/anti-spyware comparison:
http://www.techsupportalert.com/security_scanners.htm
I can see some very nice applications for Sandboxie, but what about testing out programs that need a reboot to finish the install?
How about testing an Anti-virus program on a computer that already has an anti-virus program on it?
Here's where to get Sandboxie (free!):
http://www.sandboxie.com
Originally posted by: Slikkster
Here's a good article to show you just how UNPROTECTED you are, even with strong anti-virus and anti-spyware installed. A real good comparison of how many popular programs, including the full version of Kaspersky 6, perform.
One thing mentioned in the bottom of the article is using virtual desktops for protection. One very cool one (AND FREE) is "Sandboxie". It will load up right inside windows, and let your surf and load programs in a virtual and protected "sandbox", which provides a tremendous amount of protection. It's an outstanding free program.
Here's the article on the anti-virus/anti-spyware comparison:
http://www.techsupportalert.com/security_scanners.htm
Here's where to get Sandboxie (free!):
http://www.sandboxie.com
Originally posted by: Slikkster
Here's a good article to show you just how UNPROTECTED you are, even with strong anti-virus and anti-spyware installed. A real good comparison of how many popular programs, including the full version of Kaspersky 6, perform.
One thing mentioned in the bottom of the article is using virtual desktops for protection. One very cool one (AND FREE) is "Sandboxie". It will load up right inside windows, and let your surf and load programs in a virtual and protected "sandbox", which provides a tremendous amount of protection. It's an outstanding free program.
Here's the article on the anti-virus/anti-spyware comparison:
http://www.techsupportalert.com/security_scanners.htm
Here's where to get Sandboxie (free!):
http://www.sandboxie.com
Originally posted by: cruzer
Some interesting quotes from the article, emphasis mine:
"Most products were tested using an unpatched version of Windows XP."
1. Contrary to common sense, this scenario is quite frequent.
"I browsed with Internet Explorer to three known drive-by download sites. These sites use flaws in Windows and Internet Explorer to download malware without any user action or knowledge."
2. IE is by far the most used browser out there.
"In this test I loaded the Hacker Defender and FuTo rootkits while the security program and its monitor were deactivated."
3. Many people use protection schemes after the fact, so if a rootkit already exists, one can't count on many of these programs to even detect them.
Originally posted by: Fritzo
When the hell did I suddenly get sucked into Bizzaro world??? AOL is starting to be cool, giving free cool content, free cool tools, free cool video....WHAT'S GOING ON?????
Originally posted by: DasFox
Well I say yuck to AOL's name, but afterall if it's all 100% Kaspersky, and only a name on it, then I guess this could really be HOT. By the way I stuck it on a company PC since we needed a freebie, hehe
ALOHA
P.S. How do people feel this stacks up against AVG Free?
Originally posted by: Engineer
Originally posted by: DasFox
Well I say yuck to AOL's name, but afterall if it's all 100% Kaspersky, and only a name on it, then I guess this could really be HOT. By the way I stuck it on a company PC since we needed a freebie, hehe
ALOHA
P.S. How do people feel this stacks up against AVG Free?
Click me!
AOL (Kaspersky): 99.62% detection rate
AVG Freeware: 82.82% detection rate
pretty much speaks for itself!!!