In the past couple of years, auto-update mechanisms that allow software applications to check for and install patches or new versions have become far more prevalent. Some software vendors have looked to push auto-updaters beyond the traditional “an update is available, do you want to install it?” format. Last year, Apple began using its updater to push additional software applications. Google’s Chrome browser silently installs updates, including new major versions, with no user interaction or notice. A new updater for Adobe Reader appears to be a hybrid of Chrome’s silent installer and more tradiitonal updaters.

On Wednesday, Feburary, 10, at 1pm EST, we will be hosting a public web chat to discuss auto-update mechanisms from the standpoint of balancing their security benefits with questions about appropriate disclosure and user control. Brad Arkin of Adobe will be participating, and the Google Chrome team has been invited to join, as well. The chat will incorporate VoIP audio (requires headset or microphone/speaker on your computer) as well as text, using dimdim’s Flash-based web conference system. Pre-registration is free and recommended. Just enter your e-mail address in the widget below. Feel free, as well, to help publicize this chat by clicking the “Share Widget” link.

We noticed a large spike of activity on December 31, 2009 on ThePlanet’s network block 21844. The data can be viewed here:
http://stopbadware.org/reports/asn/21844
It is quite obvious that a large number of websites were infected at the same time just as can be said of October 1, 2009. We created two lists of URLs for December 30, 2009 and December 31, 2009. Comparing those two lists we were able to determine which websites were infected on that day and resolved the IP addresses for each. Using a simple distribution analysis of infections per IP address we are able to see that a majority of the infections (353) are spread out across the IP space. However roughly 70 of the IP addresses have 25 infections each. The highest infections (between 32-84) occur on single IP addresses.

We have emailed the abuse team at ThePlanet with this information with the hopes they will focus their efforts on those particular machines.

174.120.120.151 84
174.132.194.9 84
67.19.140.10 77
67.18.123.220 44
69.93.161.54 32
70.85.61.66 26

It is important to note that this only represents the 2000 infections seen occurring on December 31, 2009. It would be trivial to analyze the remaining 14,000 infections seen on just that network block alone. As soon as we hear back from the team at ThePlanet we will be sure to help them with this.

EDIT: The spike on Oct 1 was due to an issue with our resolver and exists across the board.

Four years ago today, StopBadware.org was announced as a Berkman Center project, with the ambitious goal of fighting badware by building and sharing knowledge through the collective efforts of the community. As the project has evolved, our activities have changed, but the goal has remained the same. So, too, have the tremendous spirit and support of the dedicated individuals and organizations that make our work possible.

Over the past year, our small team has worked with the Berkman Center leadership, our corporate partners, our advisory board and working group, and other key volunteers to figure out how we could make StopBadware even better and how we could lay a strong foundation to carry the organization forward as we enter our fifth year. During this process, we made the difficult decision to leave the Berkman nest and spread our wings as an independent organization.

After months of planning, fundraising, paperwork, and more planning, the time has come. This morning, we announced that the work of StopBadware.org has migrated to StopBadware, Inc., a new non-profit organization based here in Cambridge, Massachusetts. While we have dropped the .org for vanity’s sake—it becomes cumbersome to say “StopBadware dot org” all the time—the spirit (and finances) of a .org still apply. In fact, even with the generous backing of our corporate partners, Google, PayPal, and Mozilla, it will be more important than ever for individuals to contribute to our success. Some of our most important work is done by people who contribute their time, whether assisting website owners at BadwareBusters.org, coding for LittleVoice, or getting involved in some other way.

In celebration of this new stage of our existence, we’ve updated our logo and colors, as well as some of the content on our website. Over the next few months, watch for more changes, both aesthetic and substantive, as we embark on this new adventure. As always, we welcome your feedback and guidance.

Finally, we want to express our gratitude to our founders and principal investigators at the Berkman Center, Professor Jonathan Zittrain and Professor John Palfrey, to Berkman’s executive director, Urs Gasser, and to the Berkman Center staff for making the past four years—and the future—of StopBadware possible.

The press release can be found here.

A couple years ago, we started building a new web platform to serve as the basis for our BadwareBusters.org online community site. One goal of the platform was to be easy to use for computer novices, while incorporating more advanced features for power users. Equally important was a goal of making it easy for someone to ask a question and for everyone else to easily see the most valuable responses and the most helpful users. Finally, we wanted the design of the site to facilitate the organic growth of a community organized around a particular interest.

The platform, which we named LittleVoice, is now in use by both BadwareBusters.org and by our sister project here at Berkman, Herdict, for their discussion board. While we're not sure we've fully realized the goals described above just yet, we think the platform is off to a good start. That's why we've decided to release the code as open source and post it on github, where anyone can take advantage of the initial release and/or contribute to making the product better. StopBadware's lead developer, Brandon Palmen, will be coordinating releases. Here are a few ways you can help:

• Contribute bug reports or feature suggestions via our issue tracker
• Tackle one of the existing bugs or feature requests (preferably one targeted for version 1.0.0)
• Review the existing code for opportunities to improve the code's security or efficiency

If you decide to use LittleVoice for your own online community, please let us know (feel free to add it directly to the wiki).

Everyone is talking about Google’s latest move with regard to China and there is a possibility they will pull out of the country. If that were to occur there is the possibility that China will begin blocking Google from within the country. This raises some interesting questions for us here. Google provides the badware URL feed to Firefox browsers which prevents web surfers from viewing pages laden with infections. Will this tool continue to work for those in China?
We also receive appeals from Chinese webmasters whose sites have been infected, that produce warnings in Google’s search results. Will we see a drop off in appeals? Will those webmasters have the ability to use Google’s webmaster tools to manage the process of delisting themselves once they’ve cleaned their infection?