This month’s bad behavior pick, highlighted in order to help you understand how to steer clear of it, is AdwareAlert, a rogue anti-spyware application. The company that publishes this application is notorious for using deceptive tactics to lead people to their site to buy the product they offer. There are numerous affiliate sites set up trying to sell AdwareAlert – it’s easy to get caught.
Understanding the Threat
There are many genuine anti-spyware and anti-virus programs to choose from, but users must be cautious to avoid the rogue programs that exploit and prey on insecurities and lack of education among computer users. The aim of rogue anti-spyware software vendors is to produce an application that, at face value, appears to be useful in order to get users to buy the software.
Lavasoft's Support team receives a significant amount of e-mails from computer users that have downloaded, installed and paid for AdwareAlert, convinced that they have bought Lavasoft’s Ad-Aware. The customer then contacts Lavasoft for support, believing they have purchased our Ad-Aware software. Unfortunately, by this point Lavasoft cannot assist other than to have the user download and run an Ad-Aware scan to remove AdwareAlert.
The Bad Behavior
Rogue security software comes in different varieties. Some products defined as rogue simply fail to provide the reliable protection that a consumer paid for. Others are far more sinister, masquerading as legitimate security software, and using deceptive tactics to con users into buying their products.
Many rogue applications will run a fake scan and present bogus results along with a scare-tactic message aimed at getting the victim to buy the program. AdwareAlert's tactics are less hysterical, but are ultimately the same. Scan results are presented and the user must pay to remove those displayed results.
Where does the bad behavior really come in? The deceptive tactics actually come down to how the program is marketed. An extremely effective, yet simple, method used to increase rogue security software sales is to hitch a ride on the back of a well-known product.
It could very easily be argued that the publisher of AdwareAlert, C-NetMedia, is purposely exploiting the name Ad-Aware. The current version of their software is called “AdwareAlert 2008.” To the casual or hurried user, this could very easily be confused with Lavasoft's Ad-Aware 2007 software. The user may think that AdwareAlert 2008 is, in fact, Lavasoft's new product. Older versions of the C-NetMedia program were called AdwareAlert SE, an obvious reference to Lavasoft's prior program, Ad-Aware SE.
For a more in-depth look at this topic, spyware researcher Ben Edelman has recently published a critique of C-NetMedia’s anti-spyware offerings and advertising practices.
How can you avoid falling for a rogue security program? The experts at Lavasoft have some helpful tips, below, to make sure you rely on products with proven track records and reliability.
- Practice online skepticism. Be aware that rogue security software does exist on the web, and be vigilant about avoiding it. If you are suspicious about a product, check for reviews on trusted websites, magazines or from software outlets. Rogue applications often claim to be “the best on the market” and post deceptive review results on their own site where the product scores rave ratings.
- Do not blindly trust individual sites offering anti-spyware. Refer to reputable lists of trustworthy anti-spyware programs and rogue/suspect anti-spyware programs like the one on SpywareWarrior.com.
- Do not fall for scare tactics – get a second opinion. An almost universal trait of rogue anti-malware applications is for the scan result, at first glance, to display plausible results. However, in order to clean the detected items, you must “register” the product; this, in reality, means you must pay for the product. Visit a trusted source like Download.com, download a free anti-malware application, and scan again.
- Take advantage of our experts on the Lavasoft Support Forums to assist you if you suspect that an application may not be legitimate. If Lavasoft's researchers have not encountered the program, they will analyze it and add it to detection if it meets detection criteria.