WebProNews » Badware

Sears Smacked Over Badware

WebProNews Staff — Wed, 09 Jan 2008 18:01:34 +0000

A software application from the holding company for Sears and K-Mart have the folks at StopBadware.org requesting changes to it.

Much of the kerfuffle over the Sears Holding Corporation’s ‘My SHC Community’ application got rolling with spyware researcher Ben Edelman. He commented on the installation of ComScore tracking software with My SHC, suggesting the tracking to take place is not clearly disclosed to novice computer users.

He followed that up with an even more astonishing disclosure that Sears “Manage My Home” reveals customer purchases, to anyone in an easy fashion. The disclosures violate Sears own privacy policy.

Privacy problems continued to mount when StopBadware.org joined the discussion. StopBadware cited My SHC as “badware because of inadequate disclosure of extensive tracking and data collection and because the application does not identify itself while running.”

Fortunately, both Sears and ComScore have averred they will take steps to address the concerns raised by StopBadware. “I’m convinced that Sears Holdings Corporation’s team, along with comScore, is making strides to address the things that make this application badware in our book,” John Palfrey, co-director of StopBadware.org and executive director of the Berkman Center for Internet and Society at Harvard Law School, said in a statement.

The statement WebProNews received from StopBadware said SHC has halted further downloads of the My SHC application until they update the disclosure and privacy policy language, and make an icon available for the application in the Start Menu to identify itself.

Google Provides More Information To Badware Sites

Navneet Kaushal — Wed, 28 Feb 2007 01:41:30 +0000

Google is working harder on providing better information to webmasters and the effects are showing. The Google blog has announced that they will send detailed information in their malware notifications to webmasters. These notifications will also be sent by mail.

Now instead of simply informing webmasters that their sites have been flagged and suggesting next steps, we’re also showing example URLs that we’ve determined to be dangerous. This can be helpful when the malicious content is hard to find. For example, a common occurrence with compromised sites is the insertion of a 1-pixel iframe causing the automatic download of badware from another site. By providing example URLs, webmasters are one step closer to diagnosing the problem and ultimately re-securing their sites.

However, when it comes to email notifications, Google will send these mails to "likely webmaster aliases for the domain in question (e.g., webmaster@, admin@, etc)" for lack of a method for determining the real e-mail addresses. There is an extra bit of concern in this too:

We considered using whois records, but these often contain contact information for the hosting provider or registrar, and you can guess what might happen if a web host learned that one of its client sites was distributing badware.

Comments

Reddit | Furl

Bookmark WebProNews:

Google Advising Sites Of Badware Status

WebProNews Staff — Tue, 27 Feb 2007 00:15:06 +0000

Sites that get flagged as possibly hazardous destinations in Google’s search results will receive notifications from Google about the problem.

Google has been working with StopBadware.org to provide a safer searching experience for users. When queries return potentially unsafe destinations, Google warns people about the possible problem.

Though they have been proactive in labeling hazardous sites, Google hadn’t been informing site owners about their badware status outside of posting alerts in that site’s Webmaster Tools.

Not every site publisher uses Google’s Webmaster Central, so a badware designation could creep up on a site and be unnoticed unless someone happens to inform the webmaster or he discovers the problem in the search results.

Google announced better badware notifications, and they extend beyond Webmaster Central.

Phil Harton wrote on the Webmaster Central blog that they are providing more information in Webmaster Tools about badware detections. “We’re also showing example URLs that we’ve determined to be dangerous,” Harton wrote. “This can be helpful when the malicious content is hard to find.”

Some sites will also receive email notifications from Google. They will attempt to reach webmasters at typical email addresses for websites, like webmaster@ or admin@.

—

Add to Del.icio.us | Digg | Reddit | Furl

Bookmark WebProNews:

Google, Others, Start Antimalware Group

Nathan Weinberg — Wed, 25 Jan 2006 14:52:41 +0000

A group of technology companies have banded together to fight spyware and adware by publicizing offenders, under the sure-to-be-catchy monicker of the “Stop Badware Coalition“.

Joining the coalition are search giant Google, PC maker Lenovo, Sun Microsystems, Consumer Reports’ WebWatch project, the Berkman Center for Internet & Society at Harvard Law School and the Oxford Internet Institute in England. Internet pioneer Vint Cerf, now Google’s chief Internet evangelist, and Esther Dyson, an investor and editor of Release 1.0, are among the advisors to the group. (Release 1.0 is owned by CNET Networks, publisher of News.com.)

The news comes about two weeks after the Anti-Spyware Coalition-a group comprised of Microsoft, Yahoo, AOL, Symantec, Computer Associates and McAfee-announced it had agreed on standard methods for identifying and combating spyware.

So, basically it seems that this is a group of people who didn’t get into the Microsoft group. Oh, that should be fun.

And “badware” is never going to catch on as a term.

Nathan Weinberg writes the popular InsideGoogle blog, offering the latest news and insights about Google and search engines.

Visit the InsideGoogle blog.