AOL security tools raise adware questions

AOL is in hot water with consumer advocates because of problems in a licensing agreement used with its free antivirus software.

Just days after posting details of searches made by hundreds of thousands of subscribers, AOL is in hot water again with consumer advocates. This time the issue is with the company's Active Virus Shield anti-virus software, released last week.

At issue is the software's licensing agreement, which authorizes AOL to gather and share data on how the software is being used and permits AOL and its affiliates to send e-mail to users. "If you go through the installation, just as any normal user would, there is not the slightest hint of any advertising functionality or data gathering of any kind," said Eric Howes, director of malware research at anti-spyware vendor Sunbelt Software.

Active Virus Shield uses Kaspersky Lab's well-regarded anti-virus software, and comes with an optional security toolbar that blocks pop-up ads and manages passwords. The software is available for free to anyone who wishes to download it.

Although security experts, including Howes, say that Active Virus Shield does not behave in a malicious fashion or serve up unwanted ads, some are concerned that the product's end user license agreement (EULA) would allow AOL to send spam or serve up adware at some point in the future. "If it actually does any of the things stated in the EULA, we would actually flag it as spyware," said Christina Olson, a project manager with Stopbadware.org.

The Active Virus Shield agreement gives AOL much broader rights to collect information and then to share that information with third parties than typical EULAs, observers said.

A prohibition against blocking ads also caught Olson's attention. "If you have any ad-blocking software up, you're basically violating their EULA, which is ridiculous," she said.

AOL's licensing problems come at a sensitive time for the company. Earlier this month the Internet service provider weathered a public relations disaster after an AOL researcher inadvertently exposed data on about 19 million Web searches performed by 658,000 users.

AOL said it now plans alter the licensing agreement. "We are updating the EULA to address any concerns," said Andrew Weinstein, a company spokesman. "We are reserving the right solely to send periodic marketing e-mails that users will have the choice to opt out of."

Adding to AOL's troubles is the fact Active Virus Shield's security toolbar is based on a product with a questionable reputation. An earlier version of this software, known as the Softomate toolbar, is flagged as adware by Kaspersky's own anti-virus products.

"We don't use the earlier code because it was used by a malware provider," Weinstein said. "That's why Kaspersky looks for it."

While AOL's toolbar is not considered to be adware, observers say that AOL, which prides itself as a fierce opponent of adware and spyware, could have based its own toolbar on a better product. "I don't understand how a legitimate company like AOL provides software that can be classified as rogue," said Aviv Raff, a security researcher based in Israel.

After examining AOL's toolbar, Raff discovered a flaw in the software that would allow hackers to change the toolbar's configuration options. While the flaw does not in itself present a security risk, it could be used in combination with other types of malicious software to do things like pop up bogus search results, he said.

"The problem is similar to the Sony rootkit issue," Raff said referring to Sony BMG Music Entertainment's notorious copy protection software, which was found to be the source of security issues late last year. "A big company chose an external company's software and rebranded it as their own, later to discover it might be bad after all," he said.

Erik Larkin of PC World contributed to this story.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?