Computer security and ethics do not mix well together


Updated: May 29, 2009

If you have followed the Windows security scene recently and read my article on Softpedia and Comodo, you will have realized that Windows security heroes are not as pristine as they would like us to think. It seems that more and more security vendors are bundling their products with third party products that have nothing to do with security and have only one purpose - make the vendors richer, faster.

I have nothing against people making money. Developers deserve honest pay for their honest work. They ought to be able to feed their families no less respectably than a carpenter or a plumber or a tugboat pilot.

Teaser

Introduction

The above statements makes the idea of software being given out for free a bit problematic. How are developers going to make money, unless they sell their products?

Well, some companies have found the answer in advertisement. However, not just passive advertisement - active, aggressive advertisement. You get the product you wanted, for free, but you also get a bunch of third-party software. Packaged in the form of toolbars and other browser addons, these products monitor and tag your online experience, allowing third party vendors to better shape their marketing tactics so that you land on their products more frequently and buy them more often.

Overall, it is a food chain that should work well. Everyone gets their share. Money is distributed around, as it goes from user to advertisement companies and their customers and eventually, shares are given out to security companies that gave you their product for free, compensating them for their would-be initial loss. It should work well, except that it does not.

Many of these advertisement add-ons are poorly coded programs with security bugs and instability. Even those that are written with skill and care slow down the performance of your browsing as they process the ins and outs of your Internet experience. They weigh down the browser unnecessarily. And they also introduce a plethora of privacy implications that most people hard to swallow. Worse yet, they have installed these security products so they could get rid of security and privacy related problems in the first place. It's a boomerang.

Now, cream of the crop - some of the security products detect their own products, when not installed as their own addons, of course, as riskware, spyware, adware, and whatnot. Don't you find this rather hilarious - and sad?

How things ought to be

I have decided to write this article to tell my side of the story. And then, recommend a pair of security programs that have not gone over to the other side and decided to remain loyal to their users. While this causes them significant monetary loss, this has earned them the respect of their customers in the long run. Rather than going for the easy money, they have chosen the hard path and I salute them for that.

We should all promote fair consumerism, and part of it is also giving back to the company that actually cares about its customers. This can be done by buying their products, recommending them, advertising them, via donations, and by also raising awareness.

If you don't feel like reading my semi-political mantras, skip down to They were not greedy section to see what products I recommend.

Opt-in

Personally, I think third-party software should only be offered as explicit opt-in, meaning the users should check the boxes if they wish to install third party programs rather than a vague opt-out, with boxes already checked. The truth is, most people do not really read license agreements and skip through installation wizards with hasty mouse clicks, never really bothering to read or change default settings. This means that most people will have these third-party programs installed, never really bothering to know that they are using them.

Opt-in

In a way, the default pre-selection of additional software is trickery. Only in a small way. Not a legal one, because companies would not be doing it. But you make money on the fact your customers are illiterate, uncaring or confused. It's an abuse of trust.

Security products

Security products should not have any third party software bundled. Period. No matter how good, benevolent and useful these products are. If users needs them, they can download them separately.

I can tolerate non-security programs offering these addons. But the concept of programs supposed to clean users' machine of exactly this type of programs offering them as their baby darlings is rather disturbing. Can you see a paradox, a conflict of interests?

So what should we do?

This is a good question. Let the developers starve? Not at all. There are many solutions. First one, offer software for money. Pure, simple, no strings attached. But this can shrink the user base rather quickly.

Therefore, the optimal solution is to offer several versions of the product - a basic version that offers a basic set of tools for free. And then, several payware versions that unlock additional features. There you go. Simple and elegant.

I'm going to recommend now two companies, which took his path to making money. They both offer a reduced free version and a premium payware one. If you want to full version beyond the trial period, you will have to pay. As simple as that!

Most importantly, the products remain clean and pristine. They only do what they're supposed to do, no third party surprises. Companies make money, users are happy and loyal. Everything is dandy!

They were not greedy

So here are two companies that were offered lucrative advertisement deals and turned down. They preferred clean business ethics and respect from their customers over easy money.

Online Armor

homepage

Online Armor is a security suite for Windows. It started as an advanced firewall with HIPS features and turned into a comprehensive suite, including anti-virus, keylogger detection, Bank Safe Mode, limited user mode, and others.

I have participated in beta testing of Online Armor at one point and found it to be a good product. Advanced users may not have a need for the entire range of available features, but new users will appreciate the one-in-all combo. Online Armor is also very easy to use.

Online Armor 1

Furthermore, the company's CEO Mike Nash is active in security forums, talks to his users and listens to their needs and options. Not surprisingly, when he was offered to include a search toolbar into his product, he eventually turned down the offer. It was not an easy one to swallow, but as he reasons in his detail blog post, he did not want to end up with a user base that hated him or push a product that he would not personally use. Fair, especially in these dire economic times.

Online Armor 2

If you're interested in a Windows security suite, you may want to take a look at Online Armor. Software aside, you will definitely be using a product from a company that has high moral standards and respects its customers. That's worth something in my vocabulary.

WinPatrol

homepage

WinPatrol is a Windows registry and application monitor. The program will monitor for new installations, new services and autostart entries, scheduled tasks, registration of new ActiveX controls, hidden registry keys, and more.

WinPatrol 1

I have used WinPatrol in 2004-2005 and found it to be a useful program. While my computer skills do not necessitate the use of security software on Windows in general, computer users who are less sure of their knowledge or surfing habits and are afraid of contracting malware should consider using WinPatrol as a layer in their defense.

WinPatrol is also one of the few security products that will run on ALL Windows products, from Windows 95 up to Vista 64-bit. The program comes in two flavors, free and paid. The Plus version has access to the WinPatrol knowledge base and will respond to threats in real time.

WinPatrol 2

Bill Pytlovany, the developer of WinPatrol was offered to include search toolbars into his product on two (see this and this article) occasions and turned down both. This uncompromising stand on security and ethics is an example to all.

If you're looking for a security product that brings no surprises and is all about being clean and pure, WinPatrol is an excellent choice.

Spread the word

The best thing you can do is support Mike and Bill. Spread the word about their products. Let people know the integrity and quality of service you get their products. This is the best reward they can have for the tough choices they have made. And it is important that we show them our appreciation and prove that they have not given up their high-tech early retirement dreams in vain.

What you may want to know

The list of security programs that bundle third-party candies with their products grows every day. Some companies bundle their products but let you remove them if you do not need them, during the installation. Others force you to go about using would-be hacker methods to get rid of the unwanted addons. Some go as far as simply pooping on the customer and installing programs without asking the users in the first place.

I'm not here to wage a holy crusade of justice. That is not my call. Windows has its share of freedom fighters. I am a pragmatic soul, who believes in getting things done the best way possible. So I focus on good things. I can only recommend the good products. It's easier and the list is much shorter, by the way.

If you're interested, you may want to take a look at Installers Hall of Shame. And then, there's this forum thread, too. You will see a long list of security products that come with third-party products, but you will also see a list of unencumbered products that do not detect some of these products.

The decision of what is fair and reasonable is yours to make. If you find this whole affair a bit problematic, then I recommend what I did in the Comodo article - use Linux and forget the whole thing.

Now, since we live in a realistic world, there's the question of balance and reason. To sum it up, I would like to point out a few things. If you are a Windows user and want to have free-of-charge security software installed on your machine, then I suggest you follow the below checklist when choosing your products:

1) Make sure they do not bundle third-party software.

2) Failing that, make sure that you can deselect these addons during the installation. An example would be the Comodo firewall. You can install the product without having the Ask toolbar on your machine. You just need to be careful when installing. The same applies for numerous other non-security applications that also offer addons. In such situations, I try to judge the quality and usefulness of these products without emotional factor. If they can provide users with reasonable stability and functionality, then I see no reason why you should not use them. Just be aware that the ethics of people who have developed and delivered them to you are focused first and foremost on revenue.

3) Failing that, i.e. products that will not allow you to remove third-party addons during the installation, do not inform you of this, make the uninstallation afterwards difficult, partial or require that you use the command line - stay away.

4) Regarding clean products (like SuperAntiSpyware or Spybot S&D) that do not detect some of these third-party addons installed by their rival companies. I believe that you should not focus too much on these misses. No one product can detect all unwanted programs, even if misses are deliberate. Furthermore, legally speaking, some of these third-party products are not malicious, mainly useless and annoying. Companies avoid tagging them because they fear legal actions over the classification of products as spyware, adware and whatnot. I cannot blame the developers or Spybot or Ad-Aware for keeping their head out of the trouble. But this means that you cannot blindly trust their scan reports anymore, either, whether they come up clean or not. As always, your best bet is to use several products when running black-list type of scans on your machines. But the bestest thing is to make sure you have no grayware installed in the first place, completely avoiding the issue of whether it's detected by X product or not.

If you ask me whether you should have X, Y or Z installed on your machine, I suggested you go through the points above. Keep cool and detached and focus on practical matters. You cannot cure this world of its ills. But you can choose the best software for your needs.

I will compile a new Windows cool list soon. It may feature some of the products mentioned earlier, meaning we will be treading gray waters. I want you to keep emotions away and think about benefits. Can those products protect you? Yes. Can they be installed without addons? Yes. Can you trust their vendors and detection reports? Maybe.

What's the point of running them, then, you may ask? Well, there is none. I do not believe in scanning for malware on Windows machine. I believe in not installing problematic programs in the first place, case closed. Some people, though, have a need to keep their machines loaded with security programs. This gives them a sense of security, even if their notions are misplaced. But that's beside the point.

If you want free security products that work but their developers are not angels, you have several choices. If you want security products that will cost you money and are developed by people who have uncompromising integrity, use Online Armor and WinPatrol.

Conclusion

I believe this pseudo-rant is done. While I may soaped about a little beyond necessity, I hope I have delivered my message. The main goal of this article was to show you that in the world of blurred boundaries, greed and tough moral choices, there are still vendors who stick to the old principles and place their customer in the spotlight.

This quality is rare and growing rarer and we must make sure it does not vanish. You help by making your own voice heard and advertising the companies, your own way, in return for the advertising deals they turned down. Instead, they get freebies from you. Online Armor and WinPatrol are great products, mainly because of the people who made them.

Cheers.

RSS Feed icon

del.icio.us del.icio.us stumbleupon stumble digg digg reddit reddit slashdot slashdot



Advertise!

Would you like to advertise your product/site on Dedoimedo?

Read more

Donate to Dedoimedo!

Do you want to
help me take early retirement? How about donating
some dinero to
Dedoimedo?

Read more

Donate