January 25, 2006

Internet Brain Trust Aims to Shame Spyware Makers

By Eric Auchard

SAN FRANCISCO -- Internet researchers at Harvard and Oxford universities said on Tuesday they are seeking to enlist Web users in a program to name and shame suppliers of spyware and other malicious software programs.

The Stop Badware Coalition will seek to spotlight companies that make millions of dollars by tricking Web users into putting spyware, adware or other deceptive software on their machines, organizers from the Berkman Center for Internet & Society at Harvard and the Oxford Internet Institute said.

The multi-year project is financially backed by Google Inc. and computer makers Lenovo Group and Sun Microsystems Inc. It is advised by U.S. consumer advocacy group Consumer Reports WebWatch, its backers said.

"This is mostly a highlighting and warning and education project," said Vint Cerf, one of the pioneers of the Internet who now holds the title of chief Internet evangelist at Google. Cerf is serving on the advisory board of StopBadware.org.

The coalition aims to solicit reports of malicious software from Web users through its site at http://www.StopBadware.org.

Then it will issue reports naming offending products and companies in an effort to educate consumers. Over time, project organizers said they hope to team up with commercial security software makers to create automated tools to block "badware."

These tactics seek to go beyond lawsuits and efforts to work with regulators to use the power of publicity to expose what organizers say are the unethical practices of aggressive marketers such as Claria and 180solutions.

These companies have been widely criticized for spreading software that installs incessant pop-up advertisements on PCs.

"Badware" is a new, catch-all term that refers not just to spyware but to a broader class of malicious software, which once installed on a computer can open the door to viruses, worms, Trojan horses and other forms of computer attack.

One in six respondents to a survey by Consumer Reports complained they had been a victim of so-called badware in 2003-04, spending $250, on average, to repair computer damage, or around $3.5 billion in total.

Organizers declined to immediately identify specific targets, saying they would issue monthly reports of their findings that name specific companies and provide consumers with tips for how to fix problems created by the programs.

"We do have companies in mind but we are not going to name names off the bat," said John Palfrey, co-director of the Stop Badware Coalition and director of Harvard Law School's Berkman Center for Internet & Society.

"The key message here is that we are putting every company on notice," he said.

"These are companies that operate in the shadows," said Beau Brendler, director of Consumer Reports WebWatch. "Some of these companies are trying to come forward and have initial public offerings."

The StopBadware Web site will allow Internet users to check to see if software programs they want to download from the Web are infected with badware and allow site contributors to alert others to malicious programs they have encountered.

The Stop Badware coalition is similar in certain ways to the Urban Legends hoax education site at Snopes.com, Cerf said.