The high-powered StopBadware.org coalition has slapped a "badware" label on the
free version of the AOL 9.0 software program.
The group, which is funded by Google, Lenovo Group and Sun Microsystems, accused
AOL of installing additional software without telling the user; adding
components to the browser and taskbar without disclosure; automatically updating
software without user consent; and making the AOL 9.0 software difficult to
fully uninstall.
"We currently recommend that users do not install the version of AOL software
that we tested," according to a report released Aug. 28 by StopBadware.org.
The recommendation is a serious blow to AOL, which is already struggling with
user privacy problems related to the recent disclosure of search data of more
than 650,000 users.
The report said the AOL 9.0 software comes bundled with a number of additional
applications, including RealNetworks' RealPlayer, Apple Computer's QuickTime,
AOL You've Got Pictures Screensaver, Pure Networks' Port Magic, and Viewpoint
Media Player.
Click
here to read more about Google's funding of the StopBadware.org coalition.
"During the installation process the user is never clearly notified that AOL
will be installing these programs. The inclusion of two of these programs—QuickTime
and Viewpoint Media Player—is mentioned on a page entitled 'AOL Software.'
However, to reach the 'AOL Software' page, the user must click on AOL's Privacy
Policy (which is linked to from the third pre-installation screen), and then
locate and click on the second use of the word 'software' on that page," the
report said.
For advice on how to secure your network and applications, as well as the latest
security news, visit Ziff Davis Internet's Security IT Hub.
Apart from this sole reference, the user would not even know that several of
these programs—namely, You've Got Pictures, Pure Networks Port Magic, and
Viewpoint—were installed on the computer unless the user went to the Add/Remove
Programs feature, because these programs do not appear to install any links or
files on the desktop or Start menu, the report added.
The group said the StopBadware.org tests of AOL 9.0 found that the company uses
pop-up notices to force users to download new versions of software.
"Since this dialogue box has only one button—'Update Now'—and there is no 'X' in
the upper right-hand corner, the user [has] no way to close this box without
clicking 'Update Now.' Moreover, this box appears on top of any other windows
the user has open, taking up about 1/12 of the user's screen, which makes this
dialogue box almost impossible to ignore," the group said.
Forcing users to perform certain actions in this manner is unacceptable behavior,
the report said.
It also chided the company for adding the AOL Toolbar to users' Internet
Explorer browser without warning. "Telling the user after the fact that a
toolbar has been installed and then providing them with uninstallation
instructions is not adequate disclosure," the group said.
StopBadware.org said the AOL 9.0 software also adds two additional icons to
Internet Explorer's default tool bar without adequate disclosure during the
installation process.
Click
here to read more about "badware" accusations against Kazaa and others.
The coalition also found that it was difficult to fully uninstall the AOL 9.0
software. "After uninstalling AOL and all of its bundled components using Add/Remove
Programs, at least two AOL processes continue to run: AOLServiceHost.exe and
AOLHostManager.exe. It is unacceptable for AOL processes to continue to run
after AOL has been uninstalled by the user," StopBadware.org said.
The coalition, which is managed by Harvard Law School's Berkman Center for
Internet & Society and Oxford University's Oxford Internet Institute, discussed
its findings with AOL and said the company plans to take steps to address the
criticisms.
"With regards to uninstallation, AOL says that a design flaw in the uninstaller
mistakenly leaves executables running, even after a restart. The company says it
is working on a fix, and in the meantime, that the executables do nothing even
though they are running," the group said.
AOL joins a list of dubious companies in the "badware" category. The coalition
previously used the label on controversial peer-to-peer application Kazaa, rogue
anti-spyware program SpyAxe, download manager MediaPipe and screensaver utility
Waterfalls 3.
http://www.eweek.com/article2/0,1895,2009353,00.asp
