Schneier on 'who owns your computer'

Posted on May 4, 2006 - 08:22 by luis

Bruce Schneier, security guru, has a great post this morning on 'who owns your computer.' It is a great summary of a lot of the issues we care about here at, Harvard, and Oxford- who owns and controls your computer, not just via badware, but via other methods. Go take a read and share it with your friends and family.

Is Newsworthy?

Posted on March 23, 2006 - 14:35 by luis

Suzi Turner, author of the excellent 'Spyware Confidential' blog at ZDnet, blogged about us last night. Mostly her post is right on, but I wanted to clarify our position on something she wrote:

I'd certainly agree that these four apps deserve the title badware. But is the bad behavior of these four software applications really new? Are these reports news?

As Suzi documents in her post, it isn't exactly rocket science to figure out that our targets are badware. So why is what we're doing news? Good question. For me, the answer primarily stems from our approach to providing information, not the information itself. We're explicitly targeting a very wide consumer market, and we're using design and the media to make sure that our message gets across to a large number of people.

Take a look at any of our reports, and then google for other reports on the same software, and compare and contrast the style and organization. We're trying to make our reports very easy for average folks to understand, concentrating on whether or not you should download it (the big 'X') and the reasons why you shouldn't download it, put in plain English. As Suzi says, there is already a lot of information about SpyAxe (for example) out there, but it tends to contain lots of technical detail and obscure words like 'trojan' that we can't expect normal people to understand. And much of it is on forums and bulletin boards that are pretty intimidating to the average user, even while being a rich source of information. We hope our reports lower that barrier and make it easier for our non-expert friends and families to get at this vital information.

Not coincidentally, we think that using clear language and a consumer-oriented approach will help all of us influence those who provide badware. Aggressively publicizing and clarifying the information on specific offenders gives everyone in this space a much bigger stick to wield when dealing with those who would use software to deceive users.

So, what could we stand to improve on? A couple things come to mind:

* Interaction with other sources of information. If you looked closely at our SpyAxe report, you can see in our sidebar our first stab at 'What Others Have Found', documenting specifically what others have said about SpyAxe. We need to do this more extensively, and eventually work towards becoming a true clearinghouse and center for collaboration. We welcome (on our mailing list, or to suggestions on how we can do this.
* Uninstallation advice. Right now we're only useful if you find our site (or look for our site) before installation, and use that knowledge to keep yourself safe. If you find us afterwards, we're still missing good information. This is a big goal for us to resolve in the near term- should we give step-by-step instructions? Link to other tools (which can imply endorsement, which is messy for a neutral non-profit like ourselves)?
* Clarity of our guidelines. As much as possible, we've tried to make our reports 'human readable'. We're aiming over the long term to make our guidelines similarly as readable as possible, so that software providers can clearly figure out what is and isn't acceptable, and so that normal folks can simply and clearly understand why a given piece of software is problematic.

Long term, we do have more ambitious goals, like helping people figure out what software their friends and neighbors are happy or unhappy with, and becoming more of a leader in core badware research. Those, we hope, will be even more newsworthy. But in the meantime, we do think we're providing a useful, clear, important service to the public- one that we hope will get even more useful over time- and that, we think, is newsworthy.

First round of reports out

Posted on March 22, 2006 - 00:26 by luis

After a month or so of reading feedback from users, researching what others have done, and discussing our guidelines, we're proud to release our first round of reports, covering Kazaa, MediaPipe, SpyAxe, and Waterfalls 3.

We had many goals in writing these reports. Just to name a few: we want to shed light on bad behavior, and help well-intentioned companies improve their behavior. We also wanted to create information that would be user-friendly- written in a style and with language that would be easy for casual users to understand, so that if they found these reports from a search engine, they'd get the message easily and quickly. And we wanted to get information that would help us refine our guidelines quickly.

We're still seeking feedback- we want pointers to programs to investigate, horror stories we can use in the media, and (now) comments directly on our reports, both so that we can find and fix problems in the reports, and so that people coming to our reports from search engines get more useful and richer information. We hope, with your help, that these will eventually be the definitive source on the web for information on these pieces of badware.