After a few months of ongoing communication with StopBadware, Ascentive (operator of the website FinallyFast.com) has released new versions of its PC SpeedScan Pro and Spyware Striker Pro products. Both appear to address all of the issues that led us to labeling them badware. We have therefore updated and archived both alerts. Thanks to the company for keeping us informed about new releases.

After several months of ongoing communication, CyberDefender has released a version of its flagship suite, CyberDefender Early Detection Center, that appears to address all of the issues that led us to labeling it badware. We have therefore archived the alert. Thanks to the company for keeping the lines of communication open.

The folks at Real Networks, creators of RealPlayer, recently brought to our attention a new version of the software that addresses the badware concerns we raised last year. We have therefore archived our alert about RealPlayer and updated it to reflect the presence of the new version. It’s always good to see software companies respond in a positive way to the concerns of the community.

[Update 4/17/09: This alert is no longer active. See this blog post for more information.]

Today we released a badware alert about CyberDefender Early Detection Center:

We find that the CyberDefender ‘Early Detection Center’ application is badware because it fails to disclose the principal and significant features of the bundled ‘MyIdentityDefender’ Internet Explorer toolbar, which monitors users’ web browsing behavior and transmits users’ URL history to CyberDefender, and which changes the user’s default search settings to display a CyberDefender branded, advertising predominated search engine. The software installer also does not disclose that the Early Detection Center application will request and receive updates via a peer-to-peer network, which may unexpectedly consume users’ computer or network resources. Once installed, CyberDefender Early Detection Center may exaggerate the threat of harm from certain kinds of ‘spyware infections’ in order to induce users to purchase a license for the software.

We have spoken with the software producers, CyberDefender Corp., and they have indicated that they are working to address our concerns in an upcoming release. They requested, and we provided, feedback on proposed new language for both the installer and the product itself.

CyberDefender Corp. also pointed out that the bundled MyIdentityToolbar currently holds TRUSTe certification as "Certified Tracking Software," and that the company is working to receive similar certification for its other products, including Early Detection Center. TRUSTe, which is not affiliated with StopBadware.org, is a for-profit entity that offers certification based on an application’s adherence to prescribed disclosure requirements. Certification does not guarantee compliance with the StopBadware.org guidelines, but there is significant overlap between our guidelines and the certification requirements.

StopBadware.org released a badware alert about the Uniscope Toolbars today. These toolbars are produced and distributed by RPM Performance Media, and include variants such as “MySpace Guardian”, “Amber Alert Toolbar”, and “BizRate Bar” :

We find that the Uniscope Toolbars are badware because they fail to inform users that the software will function as adware by inserting sponsored websites into search engine webpages when users search for particular keywords, and because the software fails to identify itself as the source of these advertisements.

We attempted to contact RPM Performance Media through the contact options provided on their website, but we received only an automated response acknowledging our communications.

We currently recommend that users do not install MySpace Guardian, Amber Alert Toolbar, BizRate bar, or other Uniscope Toolbars, unless users are comfortable with the behaviors we identify in our alert, or until the applications are updated to be consistent with the recommendations made in our alert.

StopBadware.org released a badware alert about Spyware Striker Pro today:

We find that Spyware Striker Pro is badware because it does not disclose the fact that it installs additional “Performance Center” software which is registered to run automatically at startup, and fails to remove this software when Spyware Striker Pro is uninstalled.

The company responsible for Spyware Striker Pro, Ascentive, responded to our communications about the application by assuring us that they intend to release a future version of Spyware Striker Pro that will disclose the bundled installation of Performance Center in the software’s End User License Agreement and will remove the software when Spyware Striker Pro is uninstalled. Although these changes will be welcome, the application will not fully comply with our recommendations unless it also discloses the software bundling in a clear and conspicuous manner outside of the EULA.

Until such an update is released, we recommend that users do not install Spyware Striker Pro unless users are comfortable with the behaviors that we identify in our alert.

StopBadware.org today released a badware alert about PerformanceOptimizer:

We find that PerformanceOptimizer (Trial Version) is badware because it installs deceptively, makes deceptive claims of system vulnerabilities in order to induce users to purchase the full version of the software, interferes with normal computer use by repeatedly prompting users to take previously declined actions, fails to inform users that the software will function as adware by prompting users to install additional software (including known badware), and fails to identify itself as the source of these advertisements.

The company responsible for PerformanceOptimizer, SellMoSoft, appears to specialize in “rebranding” software products for consumer distribution. SellMoSoft directly distributes through PerformanceOptimizer several additional applications that we or others have described as badware or adware.

We attempted to contact SellMoSoft and PerformanceOptimizer through the support e-mail addresses on their websites. We received no response from SellMoSoft and only an automated response from PerformanceOptimizer.

We currently recommend that users do not install PerformanceOptimizer, unless the user is comfortable with the behaviors we have identified or until the application is updated to be consistent with the recommendations in our alert.

Today we are releasing a badware alert about XP Antivirus 2008. Here’s the summary from the alert:

We find that XP Antivirus 2008 (Unregistered Version) is badware because it makes deceptive claims of system vulnerabilities in order to induce users to purchase the full version of the software, because it interferes with normal computer use by automatically running a background process which repeatedly prompts the user to take a previously declined action, and because the software cannot be uninstalled using the Windows Add/Remove Programs tool, or without downloading an additional uninstaller.

In trying to contact the producer, Innovagest 2000, we noted that the support address for XP Antivirus 2008, support@xpantivirus.com, bounced as “user unknown.” (We did find another address for the company, support@innovagest2000.com, that worked, but we did not receive a response.)

Last Thursday, we deactivated our badware alert about the MySHCCommunity application produced by Sears Holdings Corporation. We deactivate an alert when the prevalent version(s) of the application appear to have addressed the issues we raised in our alert.

With significant input from StopBadware, SHC and developer comScore worked together to implement several changes to the application and the web pages leading up to installation of the application. While the application continues to aggressively monitor Internet usage, the user is now better informed of this behavior prior to installation and is made aware of the application’s presence while it is running.

SHC should be commended for its responsiveness to the privacy and security concerns raised by the community.