News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Preston Gralla's picture
Preston Gralla

Seeing Through Windows

More posts | Read bio

September 25, 2006 - 11:03 A.M.

Beware! "Trusted" sites often host spyware and scams

6 comments

TRUSTe, which promises to help consumers by certifying only "trustworthy" Web sites as being safe, in fact certifies many sites that "that seek to scam users -- whether through spyware infections, spam, or other unsavory practices," according to well-known spyware researcher Ben Edelman.

More frightening still, TRUSTe-certified sites are twice as likely as non-TRUSTe-certified sites to host spyware or scams, Edelman found. Edelman examined more than 500,000 Web sites, and checked their safety using SiteAdvisor, whose robots check Web sites for spyware, and which uses other methods and test to check sites for spamming and other scams.

The results were startling: "Of the sites certified by TRUSTe, 5.4% are untrustworthy according to SiteAdvisor's data, compared with just 2.5% untrustworthy sites in the rest of the ISP's list. So TRUSTe-certified sites are more than twice as likely to be untrustworthy."

He cites several egregious examples, including Direct-revenue.com, which has been certified by TRUSTe even though it hosts spyware, and faces ligitation by the New York Attorney General and consumer class action suits, he says. Other TRUSTe-certified sites that host spyware, or engage in spam or scam are Funwebproduct.som, Maxmoohlah.com, and Webhancer.com, he claims.

The upshot? In essence, TRUSTe can't be trusted. If you see its seal on a site, consider staying away. Edelman recommends that TRUSTe establish solid rules against spyware and scams and then enforce them --- something he says that TRUSTe has yet to do.

Edelman, by the way is a Ph.D. candidate at the Department of Economics at Harvard University, a graduate of Harvard Law School, and has testified before Congress and elsewhere about spyware. He's probably the most authoritative expert on the planet about spyware. So you can trust him, even if TRUSTe isn't so trusty.

What People Are Saying

Add new comment

Edelman oozes sincerity for

Submitted by Anonymous on September 26, 2006 - 12:20 P.M.

Edelman oozes sincerity for the highest bidder yet again. This is nothing but an ad for SiteAdvisor.

SiteAdvisor is ADWARE itself! Once you install it, you get constant offers from McAfee to "upgrade" your protection by buying more McAfee products... ads you would not get without SiteAdvisor.

There might be an underlying truth to this TrustE issue, but when the source of this story is a piece of adware (SiteAdvisor) and its biggest shameless promotor (Edelman), who can tell?

Report this comment

I agree. Having read Preston

Submitted by Chris on September 26, 2006 - 3:22 P.M.

I agree. Having read Preston G.s stuff for a while I'm kind of surprised he just took Mr Edleman's word for it -- especially now that SiteAdvisor is just marketing tool in McAfees upsell strategy.
Also site advisors ratings aren't real time and don't always assess true threats.

Report this comment

As a neutral and casual

Submitted by Glenn Schulz CISSP-ISSAP on September 26, 2006 - 11:42 A.M.

As a neutral and casual observer of this posting, I did take time to visit the blog.truste.org site suggested by Carolyn Hodge and I reviewed their "strict set of standards" and "processes".

I find it interesting that they do not address spyware except indirectly, as it may relate to "PII" (Personally Identifiable Information). There is no wording in their standards that includes the terms "spyware" or "malware". From this I am left to infer that they will in fact provide their certification to sites that include spyware or other malware.

Some accuse Ben Edelman of self interests but it sounds like TRUSTe is obfuscating the issue.

Report this comment

Thank you for raising that

Submitted by Carolyn Hodge on September 26, 2006 - 7:40 P.M.

Thank you for raising that issue Glenn,

I don't want anyone to be left with the impression that we knowingly certify companies which publish adware or trackware, and that we aren't taking steps to address the gap in our standards.

As you note, our web seal program does not address standards for software, a shortcoming we realized as part of the Anti-Spyware Coalition meetings in early 2005, when we stopped accepting applications from any websites which offered suspect software. We are closing the loophole by developing the Trusted Download program http://www.truste.org/trusteddownload.php We issued a full set of program requirements in November 2005 which include definitions for syware and also standards for consumer notice, choice and control. All applicants to any TRUSTe program which are adware or trackware will be required to submit thier software to be certified.

It isn't obfuscating, but it does take some effort to gain consensus from internet companies, consumer advocates, anti-spyware companies and download sites (CDT, AOL, Yahoo!, CA, Download.com, and others) to create standards that can be applied to intrusive and harmful behavior without proscribing helpful and respectful software.

TRUSTe agrees the program can't be launched fast enough, we are in an invitation-only testing period and expect to launch imminently.

Report this comment

I agree with Carolyn, and

Submitted by Anonymous on September 25, 2006 - 4:56 P.M.

I agree with Carolyn, and would add that Ben has an interest in promoting Site Advisor. It might be useful if people actually started digging into Ben's research, assumptions, and interests before simply regurgitating his latest post. Ben's out to promote Ben Edelman, Inc., and a lot of people in the Internet privacy field neither like him or want to work with him.

Report this comment

Whoa! You might be throwing

Submitted by Carolyn Hodge on September 25, 2006 - 1:09 P.M.

Whoa! You might be throwing the baby out with the bathwater. TRUSTe, and our 2400 certified sites, definately do not agree with Ben's conclusions. If you read the paper, and not just his blog posting, which I encourage folks to do before jumping on the bandwagon, you can see that his underlying data set is SiteAdvisor. A great tool for consumers, but a completely different criteria, methodology and program, than TRUSTe. Both approaches have thier strengths and shortcomings, but to say that you are likely to encounter spyware and scams on TRUSTe sites is flawed. For more on TRUSTe's position on this paper you can read here: blog.truste.org

Report this comment

Related Posts

Who exactly is using Microsoft's new COFEE security tool?
Linux's dirty little secret: Uninstall
CIA fears hacked power grid (and CSoD)
California wildfires: new tech helps victims (and don't read this)

Today's Top Stories

Droid launch draws tech-savvy crowd
AMD graphics chip shortage hits PC vendors
First iPhone worm spreads Rick Astley wallpaper
Mozilla fixes Firefox crash bug
Update fixes iPhone sync problem with Windows 7 for some
First take: Apple's new MacBook offers sleek style, solid performance
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.