An application is badware if it acts deceptively or irreversibly, or if it engages in potentially objectionable behavior without prominently disclosing this behavior and obtaining the user’s affirmative consent.
Badware is software that fundamentally disregards a user’s choice over how his or her computer will be used. There are several commonly recognized terms for types of badware – spyware, malware, and deceptive adware. Common examples might be a free screensaver that surreptitiously generates ads, or a malicious web browser toolbar that makes your browser go to different pages than the ones you expected. Some badware is harder to spot, such as keylogger programs that can transmit personal data to malicious parties. To learn more, click here.
Badware is software that fundamentally disregards a user’s choice over how his or her computer will be used. There are several commonly recognized terms for types of badware – spyware, malware, and deceptive adware. Common examples might be a free screensaver that surreptitiously generates ads, or a malicious web browser toolbar that makes your browser go to different pages than the ones you expected. Some badware is harder to spot, such as keylogger programs that can transmit personal data to malicious parties. To learn more, click here.
We decided to call ourselves StopBadware.org, and emphasize the term badware, because we want to be a ‘big tent.’ We want to attack all forms of badware, not just software that steals your information (spyware) or software that pops up unexpected ads (deceptive adware). Terms like spyware or malware don’t fully capture the violation of user choice that is key to our definition of badware.
StopBadware.org is a partnership between top academic institutions, technology industry leaders, and volunteers committed to protecting Internet and computer users from threats to their privacy and security caused by bad software. We are a leading independent authority on trends in badware and its distribution, and a focal point for developing collaborative, community-minded approaches to stopping badware. We offer legal, policy, and technical analysis, a track record of working with open communities, and a shared desire to bring the badware problem under control in the near future. You can find out more about us on our about page.
StopBadware.org is coordinated by Harvard University’s Berkman Center for Internet & Society, with the support of several prominent tech companies including Google, PayPal, Mozilla, AOL, and Trend Micro. Consumer Reports WebWatch is serving as an unpaid special advisor.
John Palfrey, Henry N. Ess III Librarian and Professor of Law, Harvard Law School, and Jonathan Zittrain, Professor of Law, Harvard Law School, are StopBadware.org co-directors. Supporting them are a policy advisory board and technical working group made up of some of the top experts in the field, including Internet pioneers Esther Dyson and Vint Cerf. You can find out more about us on our about page.
John Palfrey, Henry N. Ess III Librarian and Professor of Law, Harvard Law School, and Jonathan Zittrain, Professor of Law, Harvard Law School, are StopBadware.org co-directors. Supporting them are a policy advisory board and technical working group made up of some of the top experts in the field, including Internet pioneers Esther Dyson and Vint Cerf. You can find out more about us on our about page.
StopBadware aims to use the very qualities that have made the internet successful – openness, flexibility, collaboration, freedom — to help fight badware while preserving its open nature. StopBadware strives to apply this model by bringing people, resources, and information together in a way that helps users make better decisions to protect themselves from badware threats.
We publish alerts on software applications that violate our guidelines, as well as occasional more in-depth reports on those applications. In our Badware Website Clearinghouse, we host information on potentially hazardous websites, which we receive from our trusted data partners. We aim to put badware developers on notice; but more importantly, we seek to promote internet safety and viability by alerting website owners and site users alike to badware of all types. In the longer term, we are building a community of organizations, corporations, and individuals who are all working together to stop badware.
We publish alerts on software applications that violate our guidelines, as well as occasional more in-depth reports on those applications. In our Badware Website Clearinghouse, we host information on potentially hazardous websites, which we receive from our trusted data partners. We aim to put badware developers on notice; but more importantly, we seek to promote internet safety and viability by alerting website owners and site users alike to badware of all types. In the longer term, we are building a community of organizations, corporations, and individuals who are all working together to stop badware.
Our sponsors want people to have a positive experience on the internet and to feel safe downloading software and visiting websites. They believe that our independent, community-centered approach is important in working towards this goal.
StopBadware is a nonprofit project, and is entirely funded through donations and grants. The financial support we receive from our corporate sponsors is provided as an unrestricted gift. The sponsors funding our work have no control over StopBadware, or over how the grant funds are used.
StopBadware is a nonprofit project, and is entirely funded through donations and grants. The financial support we receive from our corporate sponsors is provided as an unrestricted gift. The sponsors funding our work have no control over StopBadware, or over how the grant funds are used.
We are happy to count ourselves among the people and companies that are working in this space, but we feel that we are different for a number of reasons. Our definition of the problem is broad, as the term “badware” encompasses all software that violates user choice. Unlike many in this space, our roots are in organizations (.orgs and .edus) with independent traditions, so we are not afraid to call out badware creators, hosts, or distributors of any size. We want to work with both experts and the broader internet community to define and understand the problem of badware. We believe that our unique approach acts as a complement to the other efforts in the field, as we all share information and ideas to better reach the same end goal.
The information you share with us about your experiences with badware is recorded in an anonymized database. We use this information to help us spot trends and patterns, allowing us to put the spotlight on new badware producers and new forms of badware distribution even more quickly. The data we collect may also be made available to the public, including nonprofits, companies, government officials, and consumers, so that the rest of the world can pitch in and make their own valuable contributions to everyone’s knowledge of badware.
You can help us by telling those you know – family, friends, coworkers, and acquaintances – about the badware problem and directing them to this site, especially to our resources geared user education. If you are a website owner concerned about the negative impact of badware on websites, you can take steps to secure your site from future infection. If you have stories about your experiences with badware, please share them with us by using this form. Ask others to contribute their experiences and stories. You can also join our announcements mailing list and we will keep you informed of our progress. If you’d like to get more deeply involved in our work, a great place to start is in our BadwareBusters.org online community.
We know many of the most technically savvy readers of this FAQ have already ‘solved’ the badware problem for themselves by using and vigilantly updating anti-spyware software, avoiding suspicious downloads, maybe even by switching operating systems. Because badware is an evolving threat, it’s important to stay up to date to ensure that you protect your computer as best as possible.
Unfortunately, the problem of badware threatens far more than our individual security and privacy. Allowing badware to proliferate unchecked could threaten the open architecture of the internet, especially if governments and software manufacturers start making decisions about what you can and cannot run on your computer. We feel that a grassroots approach to the problem best targets the harmful effects of badware without also leading to a chilling effect on free speech on the internet.
You can help, even if you have successfully protected yourself against badware, by urging co-workers, friends and family to report their problems, and by working with us to help plan strategy. You can also help out by sharing technically detailed information about any examples of badware you encounter, using our web form here. Lastly, technically savvy volunteers are extremely helpful in our BadwareBusters.org online community, where StopBadware volunteers have successfully helped hundreds of internet users and website owners to handle badware problems and avoid spreading badware infections further.
Unfortunately, the problem of badware threatens far more than our individual security and privacy. Allowing badware to proliferate unchecked could threaten the open architecture of the internet, especially if governments and software manufacturers start making decisions about what you can and cannot run on your computer. We feel that a grassroots approach to the problem best targets the harmful effects of badware without also leading to a chilling effect on free speech on the internet.
You can help, even if you have successfully protected yourself against badware, by urging co-workers, friends and family to report their problems, and by working with us to help plan strategy. You can also help out by sharing technically detailed information about any examples of badware you encounter, using our web form here. Lastly, technically savvy volunteers are extremely helpful in our BadwareBusters.org online community, where StopBadware volunteers have successfully helped hundreds of internet users and website owners to handle badware problems and avoid spreading badware infections further.
At the moment, the data included in StopBadware’s Clearinghouse is generously shared with us by our data partners, for the purposes of increasing public education and for greater openness and transparency. As such, that data is not ours to share. Google has provided an API to share their data.
Google has placed warnings in its search results for websites that its testing has determined to host or distribute badware. If a Google user searches for a site that Google has determined to be potentially dangerous, they will see a warning in the search results.
Many sites that are the subject of Google’s warnings have been the victims of malicious hacking attacks, in which code linking directly to badware through exploits was inserted onto an otherwise innocent, but poorly secured, website. In other cases, a website with no intention to distribute badware hosts content (such as ads or hit counters) provided by a third party, and can inadvertently distribute badware through that content. If you are confused about why your site has a Google warning, there are strong odds that your site has experienced one of the above situations.
Google has an information page for users of its web search who are curious about the warnings, and another for owners of sites that are the subject of warnings.
Many sites that are the subject of Google’s warnings have been the victims of malicious hacking attacks, in which code linking directly to badware through exploits was inserted onto an otherwise innocent, but poorly secured, website. In other cases, a website with no intention to distribute badware hosts content (such as ads or hit counters) provided by a third party, and can inadvertently distribute badware through that content. If you are confused about why your site has a Google warning, there are strong odds that your site has experienced one of the above situations.
Google has an information page for users of its web search who are curious about the warnings, and another for owners of sites that are the subject of warnings.
Google independently checks the web for badware and badware-linking code, and places warnings in its own search results. StopBadware’s role is to help site owners who want to remove the warnings to learn about badware and website security. StopBadware also administers an independent review process through which a website owner can request the removal of a warning.
Although Google’s warning pages contain a link to the StopBadware.org site for more information, the decision to post a warning page is an independent decision made by Google, not by StopBadware, and does not reflect any testing or review by us in advance.
Although Google’s warning pages contain a link to the StopBadware.org site for more information, the decision to post a warning page is an independent decision made by Google, not by StopBadware, and does not reflect any testing or review by us in advance.
Please see our Request a Review page for information on how to have your site reconsidered by our data partners.
Here is how the StopBadware independent review process works:
- A website owner or other interested party learns that a StopBadware data partner is reporting a site to the Badware Website Clearinghouse.
- After following the steps described on our Request a Review page, the individual submits a request for an independent review.
- StopBadware processes the request, typically on the next business day. At this time, the URL is sent to the original reporting partner(s), so they may rescan the site for badware.
- If the partner(s) remove the site from their badware lists, the review is considered closed and the requester of the review is notified.
- If the partner(s) does not remove the site from their badware list, it enters a queue for manual testing.
- When the site comes up for testing (this may take several days, though usually less than two weeks), a StopBadware tester will attempt to verify the presence of badware reported by our partners.
- If badware behavior on the site is confirmed, the individual who requested the review will be notified of our findings and the review will be considered closed.
- If badware behavior on the site cannot be confirmed, StopBadware will communicate with the reporting partner(s) to try to resolve the discrepancy. Typically this will lead to either #4 or #7 above.
NO. It is not possible for someone to falsely report your site to Google or us and have a warning placed in search engine results for your site.
Google independently identifies sites that host or distribute badware. If it finds a site that contains or links to badware, it puts a warning page in the search results for that site. Google also informs StopBadware, after the fact, of its findings. If a search for your site leads to a Google warning page, it means that Google’s testing process has determined that your site either hosts or distributes badware and may be harmful to site visitors. Google does not post warning pages merely in response to reports from the public; it will only post a warning page after, and as a result of, its own testing of the site.
Google independently identifies sites that host or distribute badware. If it finds a site that contains or links to badware, it puts a warning page in the search results for that site. Google also informs StopBadware, after the fact, of its findings. If a search for your site leads to a Google warning page, it means that Google’s testing process has determined that your site either hosts or distributes badware and may be harmful to site visitors. Google does not post warning pages merely in response to reports from the public; it will only post a warning page after, and as a result of, its own testing of the site.
We understand that this may be an incredibly frustrating situation for you.
However, we have found that website owners often are not aware that their sites are distributing badware. This is particularly likely if a site contains content (such as advertising) that is provided by a third party or if a website’s host server has been hacked. In these cases, the third-party supplied content may contain links to badware, or the server hacks may have resulted in the insertion of code onto the site’s webpage that allows badware to be installed on visitors’ computers via security exploits. Several site owners who discovered that their sites had been spreading badware without their knowledge have told us they appreciated the opportunity to clean up their sites and learn how to prevent such problems in the future.
To learn more about badware that is placed on sites without the site owner’s knowledge, and for some tips on how to locate it and clean your site, please visit our Security Tips page.
However, we have found that website owners often are not aware that their sites are distributing badware. This is particularly likely if a site contains content (such as advertising) that is provided by a third party or if a website’s host server has been hacked. In these cases, the third-party supplied content may contain links to badware, or the server hacks may have resulted in the insertion of code onto the site’s webpage that allows badware to be installed on visitors’ computers via security exploits. Several site owners who discovered that their sites had been spreading badware without their knowledge have told us they appreciated the opportunity to clean up their sites and learn how to prevent such problems in the future.
To learn more about badware that is placed on sites without the site owner’s knowledge, and for some tips on how to locate it and clean your site, please visit our Security Tips page.
To preserve the integrity of its detection process, Google does not release detailed information about the results of its testing to the public at large. However, Google does offer some information to verified site owners through its free Webmaster Tools service and to the public through its Google Diagnostics page at http://www.google.com/safebrowsing/diagnostic?site=http://your-site-here .
We recommend using our Security Tips, and seeking assistance in our BadwareBusters.org online community, if you are having difficulties discovering badware on a flagged site.
We recommend using our Security Tips, and seeking assistance in our BadwareBusters.org online community, if you are having difficulties discovering badware on a flagged site.
Google makes a good faith effort to contact the owners and administrators of sites with Google search warnings. Google sends emails to potential site owner addresses such as webmaster@domain.com. Google also notifies site owners with Webmaster Tools accounts. To read more about Google’s notifications to webmasters, see the Google blog post about the notifications.
We continue to add to this FAQ as new questions arise. In the meantime, please contact us at contact@StopBadware.org . You can also join our BadwareBusters.org online community to learn more about the badware problem and share your thoughts on ways to promote a safer internet experience.