AOL antivirus software slammed by consumer advocates
Security tool raises adware, privacy questions
IDG News Service - Just days after posting details of searches made by hundreds of thousands of subscribers, AOL LLC is in hot water again with consumer advocates. This time the issue is with the company's Active Virus Shield antivirus software, released last week.
At issue is the software's licensing agreement, which authorizes AOL to gather and share data on how the software is being used and permits AOL and its affiliates to send e-mail to users. "If you go through the installation, just as any normal user would, there is not the slightest hint of any advertising functionality or data gathering of any kind," said Eric Howes, director of malware research at anti-spyware vendor Sunbelt Software Inc.
Active Virus Shield uses Kaspersky Lab Ltd.'s well-regarded antivirus software and comes with an optional security toolbar that blocks pop-up ads and manages passwords. The software is available free to anyone who wishes to download it.
Although security experts, including Howes, say that Active Virus Shield does not behave in a malicious fashion or serve up unwanted ads, some are concerned that the product's end-user license agreement (EULA) would allow AOL to send spam or serve up adware at some point in the future. "If it actually does any of the things stated in the EULA, we would actually flag it as spyware," said Christina Olson, a project manager at Stopbadware.org.
The Active Virus Shield agreement gives AOL much broader rights to collect information and then to share that information with third parties than typical EULAs, observers said.
A prohibition against blocking ads also caught Olson's attention. "If you have any ad-blocking software up, you're basically violating their EULA, which is ridiculous," she said.
After being contacted by IDG News, AOL said it now plans to alter the licensing agreement. "We are updating the EULA to address any concerns," said Andrew Weinstein, a company spokesman. "We are reserving the right solely to send periodic marketing e-mails that users will have the choice to opt out of."
Adding to AOL's troubles is the fact Active Virus Shield's security toolbar is based on a product with a questionable reputation. An earlier version of this software, known as the Softomate toolbar, is flagged as adware by Kaspersky's own antivirus products.
"We don't use the earlier code because it was used by a malware provider," Weinstein said. "That's why Kaspersky looks for it."
While AOL's toolbar is not considered to be adware, observers say that AOL, which prides itself as a fierce opponent of adware and spyware, could have based its own toolbar on a better product. "I don't understand how a legitimate company like AOL provides software that can be classified as rogue," said Aviv Raff, a security researcher based in Israel.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt. All Malware and Vulnerabilities White Papers | Webcasts