Microsoft's New Dangerous Game

Published: 31st August 2005
Just when you thought it might be safe to plug in your network cable again, the news of the day brings you right back down to earth. Yesterday, Microsoft was forced to deny (http://www.zdnet.com.au/news/software/0,2000061733,39201837,00.htm) that it is giving special treatment to a company that appealed its product's designation as quarantine-worthy spyware by the software giant's AntiSpyware system. That Microsoft is reported to be mulling the purchase of Claria (formerly Gator), the spyware company in question, forces us to reconsider our recommendation of the MS AntiSpyware infrastructure.



Pardon Our Compliments



Here at Cafe ID (http://www.cafeid.com), we've gone out of our way to applaud what we saw as new efforts toward consumer-friendliness and fair, open business dealings underway at Microsoft. We cheered Microsoft's decision to purchase and distribute free of charge Giant's excellent anti-spyware software and the steps MS has taken to lock down Windows.




Almost every article of praise, however, has had to be tempered with some sobering look at evidence that makes us feel silly for suggesting that there may be fundamental changes for the better afoot in Redmond. Whether it's a tired campaign of FUD (fear, uncertainty and doubt) against its Open Source competition, its refusal to release the forthcoming IE7 with its security enhancements for Windows 2000 or its apparent shift toward a subscription model for all its system software, Microsoft has taken two steps backward for every step it has taken in the direction of competing fairly on the merits of its products and having a basic respect for the security and privacy of its vast and essentially captive customer base.



This newest episode is the second time we've had to revisit our stance on what we had originally seen as one of the more positive developments at Microsoft. The Giant anti-spyware tool was one of the best on the market, justifying its price by often finding and removing things that the most popular free tools left behind; and the engineers did a great job of rebranding the product and integrating it into Windows' nice notification and auto-update systems. Now, with one simple, fundamental change, Microsoft has cast a shadow of doubt over the whole anti-spyware project, and Microsoft casts a long shadow indeed.



Ignore, Quarantine or Remove?



Here's the story, in a nutshell: Researchers discovered that an updated MS Anti-Spyware utility's recommended course of action for dealing with Claria's malware is to ignore it as if it were benign where, formerly, it recommended quarantining what it found. People tend to trust and follow the recommendations of the anti-spyware utility, and recommending the disabling of Claria's product put a major dent in that company's efforts to track the behavior and preferences of and target with pop-up ads the estimated 40 million people who have, whether they knew it or not, installed the software onto their computers.



All companies are afforded the opportunity to appeal the status of their products with Microsoft, and on its Security website (http://www.microsoft.com/athome/security/spyware/software/claria_letter.mspx), Microsoft states that it handles "all vendor requests in the same manner" and that it reviews all software "under the same objective criteria, detection policies, and analysis process." In its denial, Microsoft stated that no exceptions to its policies were made for Claria and points out that customers are still notified of the presence of Claria software and given the opportunity to remove it.



To be fair, according to Alex Eckelberry at the Sunbelt Blog (http://sunbeltblog.blogspot.com/2005/07/update-on-clariamicrosoft.html), which is run by a company that sells a version of the same Giant software, a number of other notorious spyware programs, including WhenU, WebHancer and Ezula TopText, have also been downgraded to "ignore" status. Eckelberry states that "the Claria downgrade is quite likely part of a bigger picture regarding Microsoft's listing criteria for adware."



If this is supposed to be comforting, however, it isn't; and anyone who has ever spent time fighting to clean up a computer that has been infected with those all-too-familiar malware products is going to be nauseated that the recommended action for those is, according to the soon-to-be universal anti-malware utility, to ignore them.



The problem with Microsoft's approach, as usual, is its efforts at obfuscation. The company hasn't published either Claria's appeal or its own response to Claria, and while it claims to adhere to "objective criteria" and detection policies, it's not clear that a strict set of rules for compliance exists. Microsoft's own explanation (http://www.microsoft.com/athome/security/spyware/software/isv/analysis.mspx) leaves plenty of room for subjectivity, using language like "The criteria categories include, but are not limited or restricted to..." and "The context, intent, and source of the program are taken into consideration..."



Malware purveyors have made threats and initiated lawsuits (http://www.benedelman.org/spyware/threats/), and it's important to know why Microsoft would make a change to an existing policy with regard to a particular piece of malware. Its customers deserve to know why it's now okay to ignore a piece of malware that was recommended for quarantining only days before. We suspect (and suspicion seems to be the best policy with regard to Microsoft) that this particular change has little to do with changes to Claria's malware, but rather that there is something larger at play.



If You Can't Beat 'Em...



The New York Times, on June 30, reported that Microsoft "has been in talks to buy [Claria]" for $500 million in an effort to catch up with Google, an advertising, as well as search, behemoth. Both companies refuse to comment, and the possibility that the story is totally false or is a leak designed to either discredit Microsoft or a potential deal with Claria cannot be dismissed.



The Times reports that there is a bitter debate within Microsoft between those concerned about the company's already-refined Big Brother image and those concerned with profiting from the "anticipated increase in personalized advertising." The article suggests that both CEO Steve Ballmer and Chairman Gates have been involved in the debate, though it only says that Ballmer has been pushing to close the gap with Google. It has even been speculated that the anti-Claria faction within Microsoft leaked the story to the Times and to the Wall Street Journal to fan flames of public outcry against the purchase.



For its part, Claria has moved beyond its origins as the straight-up malware menace named Gator, which came famously bundled with the wildly popular peer-to-peer file sharing utility Kazaa, and is now moving toward a broader vision of personalized web services that take advantage of Claria's ability to track and analyze the behavior of millions of people who, for whatever reason, have the software installed.



Microsoft is presumably interested in the Claria product Gain and a database (reportedly some 120 terabytes in size) chock-full of ill-gotten consumer data, which could give them a leg up in personalization of MSN Search similar to Google's hugely-successful Adwords program.



Google's efforts to personalize and target its advertising, however, don't render people's computers unusable and it works without the kind of monitoring and intrusion for which Claria is infamous. And one wonders why Microsoft, with ready access to practically every PC desktop on the planet, can't personalize its software without buying a malware company for half a billion dollars. Aren't there better uses for that kind of money?



There may well be nothing to the rumor or to the downgrading of the threat posed by Claria's software by Microsoft's nascent AntiSpyware infrastructure. But there's lots of smoke here, and consumers accustomed to being burned are right to be looking for the fire. Two Microsoft personalities, one transparent and cooperative, the other secretive and combative, seem to be engaged in an epic internal battle at the same time the company is being attacked like never before by actual competition.



How it all plays out will be interesting to watch; but more importantly, it will define, for better or worse, the status quo of personal and business IT for years to come. Your voice is important in this battle, and now would be a very good time to make your desire for computing privacy and security that doesn't take a back seat to targeted marketing known. In the meantime, we still recommend using MS AntiSpyware with the following caveat: You can no longer rely on Microsoft's recommended course of action for malware MSAS detects.

This article is free for republishing
Source: http://trevorbauknight.articlealley.com/microsofts-new-dangerous-game-7135.html

