Alert: CyberDefender Early Detection Center

Posted by Maxim Weinstein Tue, 25 Nov 2008 15:13:22 GMT

[Update 4/17/09: This alert is no longer active. See this blog post for more information.]

Today we released a badware alert about CyberDefender Early Detection Center:

We find that the CyberDefender ‘Early Detection Center’ application is badware because it fails to disclose the principal and significant features of the bundled ‘MyIdentityDefender’ Internet Explorer toolbar, which monitors users’ web browsing behavior and transmits users’ URL history to CyberDefender, and which changes the user’s default search settings to display a CyberDefender branded, advertising predominated search engine. The software installer also does not disclose that the Early Detection Center application will request and receive updates via a peer-to-peer network, which may unexpectedly consume users’ computer or network resources. Once installed, CyberDefender Early Detection Center may exaggerate the threat of harm from certain kinds of ‘spyware infections’ in order to induce users to purchase a license for the software.

We have spoken with the software producers, CyberDefender Corp., and they have indicated that they are working to address our concerns in an upcoming release. They requested, and we provided, feedback on proposed new language for both the installer and the product itself.

CyberDefender Corp. also pointed out that the bundled MyIdentityToolbar currently holds TRUSTe certification as "Certified Tracking Software," and that the company is working to receive similar certification for its other products, including Early Detection Center. TRUSTe, which is not affiliated with StopBadware.org, is a for-profit entity that offers certification based on an application’s adherence to prescribed disclosure requirements. Certification does not guarantee compliance with the StopBadware.org guidelines, but there is significant overlap between our guidelines and the certification requirements.


Introducing BadwareBusters.org (beta)!

Posted by Maxim Weinstein Thu, 20 Nov 2008 16:21:26 GMT

StopBadware.org and Consumer Reports WebWatch today are introducing in beta BadwareBusters.org, a new online community for people looking for help removing viruses, spyware and other badware from their computers and websites.

We’ve seen from our collective experience that there wasn’t a central place where people with no prior knowledge about "badware," or destructive software, and its effects could go to ask questions and get answers. BadwareBusters.org hopes to fill that need by using a "wisdom of the crowds" model to build a dedicated community of participants.

We hope, as well, that all members of the community will contribute to an ongoing dialogue about badware: how to define it, which applications to watch, how to protect against it, and so on.

The site uses an algorithm-based reputation and rating system to help people identify the most useful content and most helpful users. The idea is for the site to be easy for novices and experts alike, with a community made up of computer newbies to active techies.

We would love to tap your expertise (and/or answer your questions!) and get your feedback on BadwareBusters.org as we pilot the new site. Please get involved in the online community and send us your tips for how we can improve the site.


Oliver guest blogs at SecurityFocus

Posted by Maxim Weinstein Fri, 14 Nov 2008 17:04:41 GMT

StopBadware.org staff security researcher Oliver Day has a guest blog post at SecurityFocus that explores the relationship between Microsoft’s anti-piracy measures and the number of vulnerable Windows machines around the world. His conclusion:

The simple answer is that the current WGA policies from Microsoft significantly extend the lifetimes of vulnerabilities, sometimes indefinitely.

Follow the link above to read his full, thoughtful post.


Apparent spam host taken offline

Posted by Maxim Weinstein Thu, 13 Nov 2008 14:53:18 GMT

McColo, a web hosting company, was taken offline by its network peer, Hosting Electric, after reports by Jart Armin of HostExploit and Brian Krebs of the Washington Post implicated McColo as a major host of spam.

As you can see, there has been a significant drop in spam reported to SpamCop since McColo was taken down. While likely temporary, it does indicate that the reports were accurate in their assessment.

Even as I applaud the efforts of journalists and security researchers to cut off spammers and malware purveyors at the source, I wonder about who else is negatively affected by these takedowns. Surely McColo and previously-taken-down Intercage had legitimate customers, owners of websites and/or domain names that they used for their personal blogs, their small businesses, their family photo albums, and so on. What happened to those users when their providers and their sites suddenly became unavailable? This doesn’t necessarily make it wrong to shut down the providers, as the disease (spam, malware, etc., affecting potentially millions of people) is almost certainly worse than the cure. But it does raise the question of whether we can find ways to hit the bad guys where it hurts, without also hurting innocent bystanders.

If you have thoughts on this, please let us know in the comments.

 
