Why companies can't kick the adware habit
Road to nasty affiliations is paved with good intentions
PC World - Earlier this year, AT&T's Cingular division and Travelocity both pledged not to advertise anymore via adware -- programs that slip onto PCs and inject ads into a user's browser. Verizon took a stance against computer invaders when it became a sponsor of an antispyware initiative. Yet, in March, ads from all three companies were being distributed through adware.
These businesses, along with Comcast and Vonage, acknowledge that their ads have surfaced in adware, but say they never intended for that to happen. The incidents raise a troubling question: Have advertising networks grown so complicated that sponsoring firms can't control where their ads appear, or are the companies simply not being vigilant enough?
The findings come from research by adware and spyware expert Ben Edelman. Edelman found that PCs with the adware program FullContext installed showed ads for Cingular and Travelocity that appeared to be on the Google Web site -- without the search giant's knowledge. FullContext, according to Edelman, is sometimes installed on a PC without user consent. Security companies McAfee and Symantec identify FullContext as a medium-risk adware program and quarantine it on their customers' PCs. At press time, the FullContext firm had not replied to PC World's e-mail requests for an interview.
Cingular and Travelocity say they prohibit the use of adware by advertisers they hire. Travelocity says that as soon as it found out its ads were showing up in adware, it "immediately suspended and eventually terminated its advertising campaigns with partners who may have been associated with those violations." Cingular says that it took similar action.
According to Edelman, Verizon banner ads were showing up on sites like Google because of a program called DollarRevenue. Once installed on a PC, the DollarRevenue software can inject ads on Web sites in the same way FullContext does. McAfee and Symantec both quarantine DollarRevenue when they find it on users' PCs, calling it a high-risk program.
"Something went wrong," says Jim Smith, a Verizon spokesperson. He says Verizon did business with an advertiser that contracted with another advertiser to distribute the ads. That firm in turn contracted with another advertiser. While Verizon permits redistribution of ads, Smith says, it prohibits the use of adware to show Verizon ads. He says Verizon suspended the advertiser from distributing ads until further review.
There is little doubt the companies highlighted by Edelman have no interest in seeing their ads in adware, experts say. Earlier this year both Cingular and Travelocity agreed to pay fines of $30,000 to $35,000 to settle an investigation by the New York Attorney General's office into their use of DirectRevenue adware. In the settlement, both Cingular and Travelocity promised "to investigate how their online ads are delivered" and to ensure ads were not distributed by adware surreptitiously installed on users' computers.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts