Regaining Control of Our Computers
|Home||About Us||Our Reports||Fight Back||About Badware||FAQ||Blog||Site Map|
I. General Definition of BadwareAn application is badware in one of two cases:
Both categories of badware are defined in detail in Section III below. Proper disclosure and consent requirements are discussed in general terms in Section II and, for specific categories of bad behavior, in Section III.
II. General Requirements for Disclosure and Consent
A. Initial Disclosure and ConsentPrior to installing the application, the application owner and any third party distributor or bundler must:
The above disclosure and consent must occur for both the primary application and every additional piece of software which is bundled with it.
B. Method of Disclosure and Consent
III. Specific Categories of Badware and Their Requirements
The StopBadware.org project investigates several important categories of behavior that users find annoying or objectionable. In each category of behavior, the most extreme cases generally constitute badware behavior. The less extreme actions in each category, may not constitute badware, but are still behaviors that users should be aware of. Therefore, software which does those things, but does not clearly disclose them to the user and receive the user's affirmative consent, is also badware. These guidelines apply both to the primary application and all applications that are bundled with it.
A. Software Which Installs Deceptively
Application installations must be designed in a manner that ensures that an application is installed by end users in a knowing and willful manner. Applications which install deceptively are always considered badware.
Included in this category are applications which behave as Trojan horses, allowing the installation of additional applications without the user’s knowledge. Automatic-updating is permissible, however, if the use of automatic-updates is clearly disclosed to the user during installation of the application and either is used only to make non-substantive updates to the application itself or seeks the user’s consent before making any changes. Automatic-updates may not modify other software or be used to introduce substantive changes to the original application’s functionality (including the introduction of any behavior described within these guidelines).Examples of behavior in this category include:
B. Software Which Does Not Clearly Identify Itself
Users should be able to determine, without undue effort or a high degree of technical skill, that an application is on his/her computer and that this application is in fact running. A downloadable application should not hide its existence when running or in storage.
Neither an application nor any of its distribution or bundling partners may mislead end users or create end user confusion with regard to the source or owner of an application or any portion of its purpose, functionality or features. For example, all elements of an application that are visible to the end user must clearly identify their source through the application's branding and attribution. Likewise, any time the software, or any bundled software, impacts the user’s experience (via visible actions or resource consumption), the software must identify itself as the cause of the impact. That identification, whatever form it takes, must correspond to the identification of the application in the menu that permits end users to remove programs. To enable identification of software-effecting performance, the name of the process visible in windows task manager must match the software name in add/remove programs.
Advertisements provided by the application (if any), must clearly identify the application as the source of those advertisements.
If an application modifies the operation or display of other applications or Web sites (other than properties of the application owner), then in each instance the application must clearly and conspicuously be attributed as the source of that modification, in a manner that will inform a typical Internet user.Examples of applications which do not comply with the requirements of this category include any application that:
C. Software Which Negatively Impacts Other Computers
Any application which contains a virus, worm, or other software that performs malicious actions against other computers constitutes badware and cannot be consented to by a user. Examples of this category include hijacking a user's computer for purposes of consuming bandwidth or computer resources, sending email messages, launching denial of service attacks, accruing toll charges through a dialer, etc.
D. Software Which Makes Changes to Other Software
This category includes applications which modify other software on the user’s computer. In general, applications which make such changes will be considered badware. Applications may, however, make certain relatively small changes to the functionality of a user’s web browser, so long as the changes are properly disclosed and consented to, and may be easily undone (see uninstallation requirements).Examples of behavior in this category that may be consented to include:
E. Software Which Transmits Data To Unknown Parties
If an application collects or transmits personally identifiable information to anyone but the end user, or if an application collects or transmits information that could contain personally identifiable information (e.g., Internet usage), then this behavior must be properly disclosed and consented to as described below. In addition, wholesale keylogging or complete remote control are behaviors that always constitute badware and cannot be consented to.Examples of behavior that may be consented to include:
F. Software Which Interferes With The User’s Normal Computer Usage
This category includes behaviors such as obstructive or intrusive functionality that interferes with an end user's Web navigation or browsing or the use of his or her computer, or repeatedly asking an end user to take, or trying to deceive an end user into taking, a previously declined action. When such behaviors make the user’s machine unresponsive or would force the average user to take an action that they would otherwise decline, then the application constitutes badware. In less extreme cases, an application may engage in the intrusive functionality if it is disclosed and consented to by the user.Examples of behavior that may be consented to include:
G. Software Which Is Not Easy To Uninstall Completely
An application must permit end users to uninstall it (in the customary place the applicable operating system has designated for adding or removing programs, e.g., the Add/Remove Programs control panel in Windows) in a straightforward manner, without undue effort or a high degree of technical skill. In addition, an application, when running, must provide (in an easily found location, such as in a "help" file or the like) clear and concise instructions on how it may be uninstalled.
Once uninstalled, an application must not leave behind any functionality or design elements, and all setting changes made by the application, but not explicitly agreed to by the end user, must be reversed to the extent practicable. It is, however, acceptable for an uninstalled application to leave a small number of trivial files, such as text files or graphics files (e.g., .gif). In addition, uninstallation of the software must also signal the end of all user obligations to the software producer (i.e., the software producer may not continue to charge the user for use of an application after the application has been uninstalled)
Finally, once disabled by an end user, an application must not be re-enabled without an affirmative action by the end user to explicitly re-enable the end user's application. Accordingly, no use, update, installation or re-enablement of a separate application, and no code downloaded as a result of browsing a Web site, may operate to re-enable an application.
Bundled software must provide either a master uninstaller that will enable the end user to uninstall every application in the bundle without undue effort or skill, or must allow for the uninstallation of each application separately in accordance with this section. If the uninstallation of a bundled application will cause another application in the bundle not to function, then the uninstall process should make this dependency clear to the user. If no such dependency exists in actuality, then implying such a dependency constitutes unethical and prohibited behavior.Examples of behavior that fails to follow the preceding rules regarding uninstallation and thus constitutes badware include:
Consumer Reports WebWatch is not receiving any corporate support for its participation in this program.
Copyright © 2006 - All content for this site is under a Creative Commons license