Do you think that a license -- in which a user clicks "yes, I agree" at the end -- gives users enough of a warning?

Absolutely not.

Why?

This would involve a drastic change in how software companies relate to their end users. Just imagine the loss of control one would have over [one's] private computers. Or even how this could affect corporate users who would then have no choice about what product solutions they were able to implement. We find the very idea unacceptable and quite impossible to implement.

What do you and Lavasoft plan to do about RadLight's new software?

We have been discussing the possibility of this tactic for quite some time now. What they in effect did was to change their end users software environment without warning. So when our worst case scenario was actually presented to us, we were already prepared. We quickly released a fix for this exploit. As we now consider RadLight's previous offerings to be malicious, we will continue to monitor their subsequent releases for this type of activity.

The battle with RadLight is really just one of many battles that you've waged against spyware. How did you get started in this business? When did you write the code for Ad-Aware and why?

Ad-Aware actually began with a simple Aureate removal tool [Aureate produced one of the first versions of so-called spyware in 2000]. As users became comfortable with it, and confident of its effectiveness, they began to ask for the detection and removal of an ever-increasing number of identified components. Ad-Aware has quite simply been a work in progress as each new reference file and upgrade has been in response to our users' needs. With help from dedicated volunteers, we have even been proactive, identifying components before they were asked for by our users. We don't see an end to our development efforts as there are literally several new advertising schemes being developed every month in response to our product's effectiveness.

How do you make money? Ad-Aware is also free, so what's your business model?

We do offer an enhanced version of Ad-Aware called Ad-Aware Plus, [which costs $15]. But money is not the primary goal and has never been; it's mainly used to pay the server and bandwidth costs. We all have "regular" jobs or are students, and do this in our spare time (although it uses up a lot).

How has the battle developed? Before RadLight, were there other forms of spyware that tried to defeat Ad-Aware? And if so, how did you handle those situations?

For the most part, the developers of these applications have done their best to hide from Ad-Aware. It has been a game of cat and mouse from the beginning. RadLight was the first case of an attempt to defeat our software through removal. This was a scenario we have discussed for a long time, but had felt that the developers would not use it due to the dubious legalities involved. In fact it could be seen as illegal. So we prepared for it, but didn't implement it as we saw it being a remote possibility. Now that RadLight has let the genie out of the bottle, we expect others to attempt this as well. So we will aggressively monitor for this activity and if it is discovered, will quickly counter it and then expose the offending party publicly.

Do you have any plans to sue?

The developers of RadLight have learned a difficult and painful lesson. The public in general, and the privacy and security communities specifically, have shown their company that they are neither blind to, nor tolerant of malicious code distributed by any official software vendor. The outcry was immediate and quite deafening, causing them to reevaluate their tactics. At present, we don't see a need for legal action.

Is there any kind of spyware that you find acceptable? Are those that let people opt in, for example, allowable? Or what about ad software that doesn't collect personal information but just serves extra ads?

It isn't a matter of what Lavasoft will or will not approve of. If our users find the activity unacceptable, then we will meet their needs. In the end, it is the public that will decide what is appropriate. So to this end we have implemented features that will allow the user to choose their own level of comfort. They have the choice to exclude and/or ignore any component targeted by Ad-Aware at their discretion. And when removing the components found, we have supplied them with a backup feature that will restore anything removed by Ad-Aware should they choose to.

But if your program works correctly, it removes the revenue stream for companies that offer their software for free. Some have argued that spyware is a great way to encourage development of new and interesting software because it gives creators a way to distribute their programs to a large crowd while getting compensated for their efforts.

The argument is really irrelevant. If a developer chooses this business model, then that is their right. But in this, the end user also has a right to choose what is or is not installed on their systems. Many of these bundled "ad systems" are poorly written and try to dig themselves so deeply in a user's computer that they are close to impossible for the average user and extremely difficult for the advanced user to find and remove. So to this end, Ad-Aware is needed to ensure that the user always has the choice.

Do you have an alternative plan for developers who want to earn money from their code?

A specific plan? No. However we do have some pertinent advice. Lavasoft began as nothing more than a dream. With hard work and a specific plan for the future, we have been able to achieve the success we now enjoy. We feel that the ad-sponsored model is nothing more than a quick fix. What we would say is that developers need to find a community willing to support their efforts and help them to grow in their art and to learn from experience.

The fight seems to keep changing; whoever writes the last batch of code has an advantage. How do you plan to keep up against so many opponents -- especially in cases when your competition has more money?

Money is an important issue, but not as important as your question would imply. True, we will be busy, and this will only get worse as time goes on. But what your question fails to acknowledge is the character of the people involved. Our core of support has always been dedicated volunteers that take over support functions, do research and beta test so that we can continue the development work. Our users are our strength.

Recent Stories