SMB - Building trust in downloads no simple feat

Trust's program aims to certify consumer software programs in the name of preventing adware and malware

In addition to evidence of unsolicited downloads carried out by affiliates, Edelman's concerns with Vomba relate to the company's close ties to Integrated Search Technologies, a sister company of the Montreal, Quebec-based firm. IST was the target of a complaint filed to the Federal Trade Commission (FTC) in 2005 for improper software downloads by the Center for Democracy & Technology, another online industry watchdog.

Edelman is also concerned with Vomba because the program will not run on VMware software, a tool frequently used by researchers to dig into the code of such programs to determine their implications. The researcher said there is "no good reason" for the program designers to block such access unless they have something to hide.

"The biggest problems with these types of programs today are typically the affiliate distribution systems, which encourage affiliates to go to great lengths in trying to generate downloads and income," Edelman said. "Even if these 'adware' makers have the right intentions in modifying their programs to meet the requirements of Trusted Download, they seem to continue some bad distribution relationships."

Edelman isn't convinced that the Trusted Download can't work, he just believes that based on the size of the problem, it will take a lot of time and effort for the initiative to have its desired impact across the ever-growing world of downloadable Web applications.

"It's a very difficult task, and the jury is still out as to whether they can actually monitor all the types of affiliate relationships that contribute to the spyware ecosystem," the researcher said. "I worry that it will be hard for them to monitor these relationships with the necessary accuracy."

Officials with Truste said they're disappointed by Edelman's observations but interested in hearing more about his research for the purpose of improving the program. However, the group does not believe that the ComScore and Vomba applications that have been certified are being installed inappropriately.

Truste also pointed out that the two applications in question have gained only "provisional" certification from Trusted Download, which means the vendors are still working to update their programs and get new versions into the hands of legacy users.

Older versions of the programs in question may still be abused by affiliates, lending confusion to the issue, according to Truste.

"We're definitely still learning and working on understanding all the complexities of monitoring distribution networks and models, and there may be certain models that we're unaware of, but we know that companies like ComScore and Vomba have limited their distribution networks as a result of our requirements," said Carolyn Hodge, director of marketing at San Francisco-based Truste.

"That's what we're hearing from a lot of companies coming to us, that they're trying to build credibility and get better control over distribution of their products," Hodge said.

Hodge said that Truste is aware of the relationship between Vomba and IST, but that it believes the company's claims that it is trying to create programs and use affiliate practices that comply with Trusted Download's goals. Truste also reserves the right to bar companies from the white list if any of their other applications are observed violating the initiative's policies.

Join the newsletter!

Or
Error: Please check your email address.

More about Federal Trade CommissionFTCHarvard Business SchoolHISTRUSTeVMware Australia

Show Comments