Security software or adware?

By Brian at 5:16 pm on February 1, 2008

It recently came to my attention that Adobe is now including an option (which is checked by default) in their installers for Adobe Reader and the Shockwave player to install a Norton Security Scan program. I think this raises some serious questions about whether these companies can be trusted when it comes to maintaining security and privacy on one’s computer.

I know many people who consider Adobe and Symantec to be generally reputable companies in the software world. But here, they’re using a tactic that bears a striking resemblance to one frequently used by malware:

  1. The user downloads a piece of software that he or she perceives as having value, such as KaZaA, the infamous Bonzi Buddy, or in this case, Adobe Reader or Shockwave Player.
  2. The software installer installs the downloaded software, but also installs additional software that the user did not originally intend to install. Some installers try to hide the fact that this is happening, but others (such as the Adobe installers) promote the software as something that adds value, with particular emphasis on the fact that the version being installed is free of charge. The Adobe installers even try to scare the user into installing the software through the phrasing “…detects security risks that may have already affected your PC” (emphasis mine; see Figure 1). Also, even though the user is given a choice, the checkbox is checked by default, and a user who is quickly trying to install the software to be able to view a PDF file or use interactive Shockwave content might click through the box without reading it.
  3. The additional software performs a scan of the user’s computer, and finds problems. The software then recommends that one of the company’s products be purchased to correct these problems.

While the Symantec software installed likely differs from most malware in that the scan performed is real, as opposed to malware that always finds problems (fabricating some if necessary), this still seems like an underhanded tactic on both Adobe’s and Symantec’s part. I find it particularly ironic that Symantec markets software that removes software that employs such tactics, yet it is apparently all right for them to use the same method to promote their own products.

Symantec’s full antivirus software is also notorious for being difficult to uninstall, and provides frequent alerts prompting the user to renew his or her subscription once it runs out.

This really shows that anyone can be an adversary, even a supposedly reputable security software vendor.

Figure 1. The offending dialog box in the Adobe installers

Filed under: Miscellaneous
