
June 19th, 2007

Does Trillian have a crapware problem?

Posted by Ryan Naraine @ 10:26 am

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Metasploit, Microsoft, Open source, Patch Watch, Pen testing, Punditocracy, Responsible disclosure, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Trillian, Ryan Naraine

StopBadware.org researcher Liana Leahy has taken Cerulean Studios to task for bundling two third-party applications into the popular free Trillian IM client, arguing that users who are not careful during the Trillian installation process could end up with a crapware problem.

During the installation process, the default setting is for Trillian to bundle the Weather Channel Desktop and the Ask Toolbar, two products that could introduce security risks to PC users.

[Image: Trillian weather bundle]

As a security researcher, Leahy concedes she should have known better than simply clicking “next” through the installation process (giving the company permission to install the bundles), but her experience is probably the same as that of the average end user, who pays little attention to EULAs and default checkboxes.

As far back as April 2007, the guys behind Trillian explained the bundling deals as an economic issue and insisted the installation will be “absolutely transparent and absolutely optional.”

But, as Leahy and others have discovered, crapware can sneak onto a PC if users aren’t vigilant.

The bigger issue for start-ups struggling to monetize free software offerings is what spyware research guru Ben Edelman calls “deceptive door openers.”

Ask.com, especially, has a checkered history with the way its search toolbar is marketed to end users. The company has been known to target kids online with promises of free smileys and advertising through other vendors’ spyware, according to Edelman’s research.

StopBadware’s Leahy stopped short of condemning the free Trillian as “badware” because the disclosure process is in keeping with established guidelines, but it sure looks like the image of Cerulean Studios will take a hit.

Oh, by the way, Trillian just shipped a fix for a “highly critical” code execution vulnerability.

[ ALSO SEE: How to degunk a PC full of crapware ]

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

