180Solutions Issues 'Mea Culpa'
Earlier this week, Security Fix called attention to yet another example of 180solutions' ad-serving software being installed without user consent. The guy who recorded the video of the whole episode, Harvard Ph.D. student and spyware hunter Ben Edelman, refused to tell 180solutions anything about the distributor involved, because as he explained on his blog, the last few times he posted such examples in public "180 trivialized the finding and issued a self-serving press release. Rather than admit that their software still becomes installed improperly, 180 danced around the issue and tried to use these wrongful installations to obtain a public relations benefit."
Sure enough, soon after that post 180 put out a press release saying it had terminated its relationship with the distributor responsible for the rogue installs, and that it had "remessaged" the affected users (sent them pop-up notices) to let them know about the fraudulent installs.
Well, according to a post on 180's own blog today, the bad guys that the company went after were a different group of distributors who also happened to be installing 180's Zango search assistant without user consent.
"The primary breakdown here was not with our software, although our software was certainly hacked. No amount of software development will ever make any software completely bulletproof," 180 co-founder Keith Smith said in the blog. "The primary breakdown here was in our reporting and detection mechanisms. In the end, the mechanisms we have in place were able to help us find the bad guys. But, in our opinion, that process took too long, and for that we apologize."
Allow me to add my 2 cents here: The primary breakdown is that as long as there is a strong economic incentive, hackers will always find a way to game 180's system to fraudulently install the adware. (Computer-security firm Sunbelt Software also has an interesting post on this issue in its blog.)
The comments to this entry are closed.