To Coast or not To Coast- That is The Question

by Wayne Porter

COAST or Not to COAST

01.17.05

Recently I wrote a piece called ?Why We Don?t Do Adware? and now I find myself compelled to write again about ?Why We Don?t Do COAST?. A few months ago we had the opportunity to join the group but after reading an article by Nicholas Stark, from LavaSoft and after reviewing the conduct of some of the members we decided to take a pass. It pained us to do so because we feel that the grass roots security movement really needs a collaborative organization sans dues to get together to discuss the complicated trends occurring in the malware space.

What is COAST?

COAST is a non-profit organization comprised of anti-spyware vendors, software developers and researchers who have come together in an effort to educate and protect consumers and businesses from the Internet's burgeoning spyware problem. By working with COAST and complying with its strict Code of Ethics, standards and guidelines, 180solutions aligns itself with the organization's governing companies, Aluria Software LLC, PestPatrol, Inc. (recently acquired by Computer Associates), Webroot, Inc., and NoAdware.net

COAST has recently rised the ire of many activists because of the admission of 180 Solutions. There has been much documentation of conduct from 180 Solutions that makes my eyebrows rise at the very thought of a company like that being admitted into a coalition designed to protect and educate consumers. For the release

about 180 check out http://press.arrivenet.com/bus/article.php/561218.html Their conduct and the conduct of their affiliates has been less than stellar.

To get the reader up to speed here are some background pieces on 180 Solutions and how affiliates factor into the adware problem as a whole.

Who Profits from Security Holes B. Edelman
Who Bears the Responsibility? Revenews, Porter

The Effects of 180 Solutions on Affiliate Profits B. Edelman

Security Hole Cinema Revenews, Porter

First Spyware Case: Affiliate WhoDoneIt? Revenews, Porter

New OutRage: Spyware/Adware Company Joins Coast SpywareWarrior

180 Solutions Joins Coast CastleCops.com
N-Case from DoxDesk DoxDesk
SpywareGuide 180 Solutions SpywareGuide.com

Now that you have digested all of those wonderful reference links let?s start by referencing COAST?s Code of Ethics and then look at what is really going on in the trenches.

We are going to refrain from calling out particular companies by name, but rest assured the conduct we reveal has or is still taking place and it is being conducted by some, not all, COAST members. We find it deeply disturbing that some members do not adhere to their own Code of Ethics.

We shall start with COAST's Responsibility to the IT Privacy and Security Industries

From the Site: 1. Compete honestly and fairly on the open market with their competitors and refrain from any intentional misrepresentation of a competitor?s products and/or services to gain marketing or competitive advantage.

Deceptive Keyword Advertising

The use of deceptive keyword biding advertising by at least one COAST member or by their affiliates is rampant. There have been many cases of affiliates (commissioned resellers) bidding on the trademarks or program names of competitors in order to sell their own solutions. This advertising is clearly deceptive. For example to use the term Xblock, one of our products, and then to offer another solution is by default deceptive and it confuses consumers. In some cases we end up providing support for users who thought they bought Xblock when in fact they had bought another application through an ad that had deceptively used our name. Perhaps some of the blame lies at Google?s feet for not doing a good job of verifying the key term is accurately describing the page the consumer is getting through the ad.

If we do a search for Xblock one should expect to see relevant listings for the Xblock program by the Xblock company, an authorized reseller, or authorized affiliate. Some COAST members seem to disregard this basic rule of advertising ethics and by no means is our program the only target. We see this consistently where a COAST member targets the names of other freeware or commercial tools to sell their software.

Protecting Against Decoys

Another excerpt from their Code of Ethics.

3. Reject the use of marketing strategies that misrepresent or exaggerate known threats and vulnerabilities.

A few months ago we placed a couple of ?decoy? entries into the SpywareGuide.com database to see who was automatically data mining the site. We certainly understand that security vendors use other sites as a point of reference. Everyone does this because the threats evolve so quickly and rapidly that it is difficult for humans to get a handle on them. Certainly a good amount of information sharing and collaboration is needed to stay current in a field that moves at lightening speed. Also it is a given that mistakes can happen because human teams are doing the reviewing. However there needs to be some layer of validation from a threat detection team. In this particular case the threat was completely non-existent. It never existed and it poses no harm to consumers. (For the purpose of a future study we are not revealing the names of the decoys.)

We have documented proof that more than one member of COAST has appeared to be spidering data from the guide and claiming they can protect users against this non-existent threat. We have asked one COAST member to remove this content over a month ago yet the decoy entrie(s) remain. In a phone conversation they claim their SEO firm must have used it for marketing purposes and they promised to remove it from their website. They also claim these decoys were never actually placed in their detection database.

The removal of the decoy data has yet to happen despite our friendly request for them to remove it. Soon enough we will conduct some tests to see whether this and other firms validated the threat through actual testing and actually did insert it into their detection database. The results of this test are forthcoming and we feel it will be revealing and the list of names quite long.

More Deceptive Bidding

In addition to adding this decoy program to their websites, another COAST member goes as far as to advertise through Google Adwords that they can protect users against this rogue spyware. This is yet another example of deceptive advertising because you cannot guard against a threat that does not exist.

Use of UCE a.k.a. SPAM

The next area of contention we have with certain COAST members is the past use of U.C.E (unsolicited commercial e-mail) to promote their products. We are not sure whether it was a COAST member itself or simply a rogue affiliate doing the promotion, but we feel that merchants are to a great degree responsible for what their partners do. While we have not seen any U.C.E. being sent since the CAN-SPAM act, there have certainly been cases of it in the past. This infuriates us.

While we abhor SPAM, we find it even more offensive when consumer protection companies utilize this form of illegitimate marketing. Again there is documented proof that certain COAST members have used SPAM to promote their products or have benefited from their affiliates sending bulk e-mall to promote their product. This is no different than adware and spyware vendors who utilize rogue affiliates to drive installations.

One way to validate this claim is to go to http://groups-beta.google.com/ and put in COAST members followed by the word spam and look for complaints filed in newgroups. Now it is important to take isolated reports with a grain of salt. I have seen companies send SPAM in order to execute FUD (Fear, Uncertainty and Doubt) campaigns, but you will want to look for patterns of abuse. Patterns of abuse tend to lead one to believe that a company knows a rogue affiliate is sending spam. Either way, even if the rogue affiliate is booted out of the program, the vendor still benefits from the illicit fruit. Adware companies, merchants who deal with spammers, affiliate networks and rogue affiliates have all been eating this fruit for years.

See my colleague Brian Clark?s Illicit Fruit of the Spamdemic piece. While this was written in 2002 it still holds water today. As it stands now even the larger advertising networks struggle to exert any semblance of control over their own networks.

Spyware Free? We Can't Even Agree

COAST is also bent on the creation of a ?spyware-free? certification program for software vendors. We feel this is folly. While we think the security industry should provide guidance for developers of adware we really don?t see how they can accurately monitor and patrol everything they do. We try to focus on behavior that we can see, what consumers tell us and things we can validate. While we feel adware vendors can make changes and operate in a more consumer friendly fashion we would not want the task of giving anyone a seal of approval. We find it hard that anyone could be "spyware free" because during this author's participation in the FTC Spyware Workshop not a single person could agree on what was spyware! Dynasties that have been built by deception do not reform overnight.

Creation and Marketing of Spyware

One COAST member, that we feel makes a very good application, used to produce a commercial key-logger to spy on users. This is something we classify as true spyware. While they have taken it off the market they do continue to support it for existing users. While we believe keyloggers can have beneficial uses, and can be used to safeguard children and PC security we find it a hard pill to swallow when a company develops, and markets a product that they detect with their own anti-spyware product. Everyone makes mistakes, and it is good they took it out of their product mix, but again we find it disturbing that they went that route in the first place.

Steep Fees for Membership

Like Nicholas Stark we were put off by the fees that COAST was asking to join their non-profit organization. Many good and useful security applications are free and the steep membership fees seem to be in line with keeping these freeware or emerging software developers out of the mix. While we make commercial software, we also provide freeware (e.g. http://www.x-raypc.com) for no charge to consumers. If this was the only application we produced membership would have been out of reach. Like LavaSoft we will not be associated with an organization that tolerates SPAM, the illegal use of other's names and marks in advertising, and the ?borrowing? of intellectual property. The evidence is out there folks- just do a little digging.

Overall Xblock Systems is disappointed with COAST. Clearly there is a need for an organization to help guide the industry but we find the inconsistencies in the practice of some COAST members to be disturbing. We also find some of the members to be even more disturbing in that they are not security vendors they are adware makers. Case in point the respected company one COAST member targets 180 Solutions in their definition file yet they work with them side-by-side in the COAST organization. How can you do this when there is a plethora of evidence to support that180 Solutions is far from reformed? There seems to be a pattern of double standards emerging that we find troubling.

At Xblock Systems we still await the formation of a group of companies that want to work together, in an open-source spirit, to help guide and shape the security industry.

This article is copyright 2005 by XBlock.com.
It may not be reprinted or copied without the express written consent of the author.

Related Articles

• Why We Won't Do Adware

Read other articles (back to full list)