SpywareInfo HomeXcleaner
August 28, 2002


Guest, or gate crasher?

Mike Healan
August 28, 2002

Gator How many times has this happened to you? You're surfing around on the internet, hopping from one site to the next. As you leave one site, your computer hangs for a second and you look down to see why. "Bah! Another %$@# popunder!" As you go to close the offending window, you see that the contents are inviting you to install Gator Corporation's e-wallet software.

Most of us have had this experience. Gator popunder ads are seemingly everywhere. Writing a complaint to the webmaster of the site sometimes results in the ad being removed. It's not always easy to figure out which site actually produced the ad however, as these popunders quite often appear only after you leave the affiliate's web site. More than one baffled webmaster has received complaints from people about popunder ads even though their site uses no such thing.

These time-delayed popunder windows have even fooled Fred Langa, author of the Langalist newsletter. Ironically, in the very issue where Langa published an outraged letter from a person describing these popunders, further down he provided a link to a reader's site with the warning "Gator Download". As it turns out, Gailla.com does not in fact have any sort of advertising from Gator. Langa was confused by a popunder window just as millions of other people have been.

According to an article at CNet that ran in April, "Gator buys the ads by the thousands, but won't divulge what it pays. Sources in the ad industry say the company spends between $2 and $5 per thousand ads. Typical ad rates can run anywhere from about $7 to $20 for general rotation on a top site such as Yahoo. Gator also has affiliate relationships with many sites, which it pays $1 every time a visitor downloads its software."

Perhaps you've had another experience, one that many visitors of my site recount to me. It's an experience that I myself once had while testing something with my security settings set to "low". You're cruising through the internet and you get the popunder ad from one of Gator's affiliates. However, rather than offering you Gator, this ad thanks you for installing it. No prompt, no questions or dialogs, just a thank you for installing the software.

In the case of an Internet Explorer browser with its security settings lowered to where ActiveX controls can be downloaded and installed with no prompting, software from a plethora of adware companies can find its way onto your computer. This questionable practice has been dubbed "drive-by downloading" by the online community. Invariably, as complaints roll in about the installations, the software vendor blames the users for having their security settings too low. Sadly, this has been happening more and more often with such companies as Search-Explorer and Comet Cursor. Both companies claim to have recently ceased this method of distribution.

The published and unpublished reports of Gator popunders thanking shocked web surfers for installing its software, the Langalist incident, and also my own experience led me to believe that Gator Corp. was using these popunder ads to deliberately install Gator on computers with low security settings. In a recent edition of the Adbumb marketing newsletter, the author of Adbumb published a harsh letter written by me in which I said that Gator was sneaking it's software onto people's computers and hiding the source of the ad that installed it.

In response, Gator's chief marketing officer, Scott Eagle, contacted me to present his company's explanation for what had been happening. Mr. Eagle states that Gator Corp. hadn't taken low security settings into account when that installer was released. He says that it was a situation that was quickly corrected once it was discovered, not a deliberate campaign to install Gator software without permission. Below is the text of his statement.

The Gator Corporation has been accused of downloading software without an active acceptance by the computer user. This is completely untrue. Since every distribution method the Gator Corporation utilizes to promote our software requires a mandatory "I accept" consumer action as well as the showing of numerous education and informational screens, we feel the need to explain the cause of this misperception.

Approximately nine months ago, the Gator Corporation launched a new distribution program. During the initial trial, our software was downloaded onto a miniscule percentage of computers whose browsers were set to the "Low" security setting. We were not aware of this Windows security option - which essentially says "yes, I'll accept and trust software from anyone" - and would never have taken advantage of it. Almost immediately after the program launched, a consumer made us aware of this issue and we addressed it before the program was expanded beyond the trial stage.

A few months ago, yet another technical glitch was brought to our attention, which would have led consumers to believe themselves the victim of an unauthorized download. Specifically, a small percentage of users who again had the "Low" security setting were getting our advertising and then a communication that said "Thank you for installing Gator software" - even though they hadn't agreed to, or downloaded, a Gator Corporation application. Although our ad technology was smart enough NOT to download the software, many people were rightfully confused that they had inadvertently downloaded software, which they then couldn't find on their computers. This led them to assume we placed software on their system (when in fact, again, NO software was ever downloaded).

We fixed this advertising bug within hours of being informed of it and estimate that a very small percentage of consumers encountered this unfortunate miscommunication situation.

In summary, as a reputable company that has Industry leading Disclosure and Acceptance principles, every Gator Corporation software download includes a requirement that the consumer actively "agree to and accept" our Privacy Policy before getting our permission-based software. And again, all our distribution programs provide consumers with 3-5 information communications screens during the installation process. Plus we ensure that consumers can find our software listed in their start/program entries and that they can easily remove it if desired. After all, our business is about providing consumers with high value and useful software in exchange for the right to occasionally bring them advertising. So it is in our best interests to make sure we that we have good communications with each and every one of them during the term of our relationship.

This begs the question of how it is possible that a company that makes software as sophisticated as Gator can possibly not know the behavior of the browser it is designed to integrate with. However, Eagle says that the "glitch" was corrected soon after they heard from consumers about it. When asked just what exactly happens now when someone with low security settings happens across one of these popunder windows, Eagle answered "If we see a security setting of low, no verisign or ad is shown. This avoids any issue".

Obviously, I am biased against Gator Corp. However, my own experience with an auto install was a few months ago, so presumably I was part of the "very small percentage of consumers" who "encountered this unfortunate miscommunication situation". If Gator is no longer installing itself via "drive-by downloads", or even appearing to do so, that's fantastic. Given that my information was out of date, I'll send another letter to Adbumb to add this new information to my previous letter.

"Drive-by downloading" is a reprehensible method of distribution and is more than reason enough for a product to find itself targeted by such removal tools as Lavasoft's Ad-aware and PepiMK's Spybot. As I find new products using this method, I'll submit them to these companies and others for targeting. If you discover that some sort of adware or browser hijacker has installed itself using activex and neither of these products removes it, let me know and we'll give it a proper welcome to the privacy world.

Discuss this story

If linking to this article, please use this URL: http://www.spywareinfoforum.info/newsletter/archives/august-2002/08282002.html


Email Address

News feed
Privacy News

Privacy Software

iClean Macintosh
Internet Sweeper
Panicware's Popup Stopper
Pest Patrol
RegRun Security
Surf Pal
Windows Guide Network
ZoneAlarm Pro


About SpywareInfo
Contact us
Downloads Page
Latest Virus Alerts
Links Page
Link To Us
Lockergnome Tip
Past Issues
Privacy Policy
SpywareInfo Chatroom
Support SpywareInfo
Support Forums

All material on this web site is copyrighted
© 2001-2002 by Mike Healan. ® All rights reserved.

SpywareInfo banner designed by mockie