Adware Prevention Tutorial

Adware Definition

This page explains what adware is, gives some information about who writes if, and discusses business models that encourage the development of adware.

What is Adware?

Adware programs to cause a computer to display advertising normally using popup ads. Generally, it is considered to be a subset of spyware since most adware will collect information about the habits of the person whose computer it runs on. Adware is NOT a virus and usually is not detected by anti-virus scanning programs. Adware is legal so long is it is installed without hacking a computer system.

Adware is normally legal so long as it spreads without hacking a computer system. In the past it commonly came with a utility program such as FreeZip but today, adware is more aggressively installed on computer systems although this installation may not be done directly by the adware creators. It does not spread the same way as most viruses spread. Although some producers of adware have some integrity and allow removal of their programs without great difficulty, I consider adware or spyware to be worse than viruses because of the fact that in many cases it is deliberately written so it cannot be removed. It can also cause serious operating system instabilities.

Who writes Adware Programs?

Adware programs are written by supposedly legitimate companies. Some, but not all, of the companies that create them have little or no integrity. Many times adware is installed on the victim’s computer without their knowledge or with little indication about the consequences of an action. Also many times the adware program is designed to prevent its own removal. In one case an adware program we had to remove would try to respawn itself if you tried to kill its process. This was done to prevent its removal.

Adware Business Models

There are several business models that may instigate the propagation of adware. Let’s consider three fictitious companies that have three sets of different but complementary goals. They are:

  • Widget Manufacturing, Inc. – Has widgets for sale and wants to advertise them.
  • World Wide Advertising, Inc. – Has several clients that want to advertise their products including Widget Manufacturing and would like to serve ads on computers and websites to advertise these products. They may get paid based on the number of ads served or by a percent of sales though their advertising. Either way they want to serve ads.
  • Advertising Aid, Inc. – This company promises to help serve advertising for advertisers. Their goal is to get advertising programs installed on as many computers as possible and probably get paid based on the number of computers they install adware on.

In this example, either Advertising Aid or World Wide Advertising may write the adware software but in most cases World Wide Advertising would write it. Therefore the interaction between the three companies would work as follows:

  1. Widget Manufacturing hires World Wide Advertising to run ads for them and possible pays them for each ad impression run.
  2. World Wide advertising writes adware software that can be legitimately removed and hires Advertising Aid to help find a way to get the software installed on computer systems.
  3. Advertising Aid can get the advertising software installed using various methods which include:
    • They can bundle it with a useful free utility (such as FreeZip file unzipping software) so installation of the useful utility will also install the adware. They may write the utility themselves or get it from someone else.
    • They may trick users into clicking on an advertisement and answering yes to a question when the answer actually allows software to be installed and the user thinks they are answering a different question.
    • They may take advantage of vulnerabilities in web servers and/or web surfers browsers or operating systems to install their software without the user’s knowledge or consent.
      • In the July/August 2004 timeframe there were concurrent vulnerabilities in web servers causing web sites to become vulnerable to attack. The websites were infected with software that would install an “agent” piece of software on systems whose user’s would visit the infected website.
      • The agent software on the victim’s computer could then download and install any software the creater of the agent wanted including trojans, spyware, and adware.

If Advertising Aid uses the method of bundling the adware with a free utility then that is the most legitimate method. The second method is sleezy and a violation of the computer user’s rights. The third method is illegal since it is essentially a computer hack. However it can be difficult to catch the persons who do this kind of hack unless the website that was attacked keeps good logs.

Part of the point for showing this model is that the advertiser and possibly the company that wrote the adware software are legitimate companies that would not do anything illegal. However, they should be more careful who they do business with. If this business model only contained two companies with one company advertising a product, and the other company serving ads, creating the adware, and getting the adware on people’s computers, the second company is more likely to be more aggressive and write their adware so it is difficult to remove.

The solution here is that the companies that would like their product advertised must be more careful who they do business with or they should share the liability and consequences of the damage done by these types of programs.