StopBadware.org on Monday put AOL’s version 9.0 on its “Badware Watch List.” The anti-spyware group cites, among other factors, the inclusion of bundled software applications and nondisclosure of additional installed components as reasons for its concern.
The report is one in a recent series released by the group, which is backed by Harvard Law School’s Berkman Center for Internet & Society and Oxford University’s Oxford Internet Institute. It is part of an ongoing effort by the organization to battle harmful spyware programs.
“AOL is a trusted brand and has always been a leader in the fight against badware,” said John Palfrey, co-director of StopBadware.org and executive director of the Berkman Center for Internet & Society at Harvard Law School.
“Clearly, AOL does not belong in the same category as the malicious badware providers we have previously identified, but the free version of AOL 9.0 that we tested, in our view, does not live up to the company’s rich legacy,” Palfrey continued.
Highlighting Bad Behavior
The report explains why AOL 9.0 is considered badware while calling on the Internet giant to provide users with proper information on exactly what they are putting on their computers, as well as a means to opt out or uninstall unwanted programs.
In its research, StopBadware.org found that AOL 9.0 engages in several badware behaviors, such as installing additional and unnecessary software — including QuickTime, RealPlayer, Viewpoint Media Player and Pure Networks Port Magic — without informing users, and adding various components to Internet Explorer without disclosure.
The report claims AOL 9.0 also forces users to take unnecessary action. Once AOL 9.0 is installed, users are immediately prompted to update to their connectivity services by displaying a dialog box that can’t be closed otherwise. AOL 9.0 also adds AOL-centric shortcuts to a user’s Internet Explorer browser without permission, the group said, including the AOL Toolbar, additional icons and a favorites folder.
“Mainstream software providers must make installation and integration of new software easy while also informed. That way, users are aware of what is happening to their machines, can exercise meaningful choice over updates, and are provided with the means to easily remove software should they change their minds,” said Jonathan Zittrain, co-director of StopBadware.org and professor of Internet Governance and Regulation at Oxford University.
Zittrain conceded that what the group is calling for is a difficult balance to strike at a time when industry best practices are still unformed.
AOL spokesperson Andrew Weinstein wanted to make it clear that StopBadware.org made an open query — not a definite indictment. AOL is in conversation with the group, Weinstein told TechNewsWorld, to address some of its concerns.
“We were a little surprised by the report,” he admitted. “As they note, AOL is different from anyone else they’ve reviewed. Our service is a valuable service for consumers that protects them and has nothing malicious in it.”
AOL had already planned to address some of the “minor disclosure issues” in the next version of its software, which is due for release in a few months. The company stands behind its track record for protecting its customers, Weinstein said.
Tying Up Loose Ends
Another behavior initially identified that leaves two AOL processes running after uninstallation appears to have already been fixed by AOL following notification last week of StopBadware.org’s findings.
“Upon providing AOL with an advanced copy of our report, we have been very impressed with their response to identify and rectify potential problems,” Palfrey added. “We look forward to working with AOL to address the concerns that we are raising in our preliminary findings.”