Will StopBadware.org stop much of anything?
This week a new organization called "StopBadware.org" launched. The initiative is driven by some educational heavyweights like the Berkman Center at Harvard and Oxford's Internet Institute, with some Consumer Reports fairy dust thrown in for good measure. These folks aim to basically provide a Consumer Reports like function to report software that contains bad stuff (spyware, trojans, etc.) embedded and should thus be avoided.
If consumers go check out this site, they can find out if the application is on the "bad list" and should thus be avoided. This is a very good concept, but the likelihood of success is minimal at this point.
Gosh, being a party pooper again and it's not even happy hour yet (actually it's about 2:45 in ATL). That's right, I don't think a Consumer Reports type of function is the answer to stopping badware. Why? Because the people that really need to check out StopBadware.org won't. Most consumers are not educated enough to know they shouldn't download stuff. How on earth are they going to know to visit a website before they download the bad stuff?
The most likely targets for all this spyware/adware, etc. are not the folks that run anti-spyware software or AV or have a personal firewall activated (like me and you, if you are reading this blog). So this web site is not going to have much impact.
What could possibly change this? If Microsoft and Apple added a check to StopBadware.org as part of the software install process, that would help. At this point, my trusty iBook (yes, I switched over to a Mac when I left corporate life) tells me that I'm loading an application, but it doesn't tell me whether that application is known to be a festering cesspool of malware. If I knew that information ahead of time, potential problems can be avoided.
Maybe StopBadware.org will also integrate some type of "reputation" capability so that users could vote on each software. Not unlike spam, sometimes spyware/adware is in the eye of the beholder. Because someone reported an application onto this web site doesn't make that application "badware." This organization needs to make sure there is a clean and quick process to dispute a rating. What you don't want is another email blacklist system that ends up penalizing good companies because some moron decides they didn't really mean to opt-in to a message list.
So, I like the idea of a public service to track bad applications that should be avoided, and maybe StopBadware.org will get there. Let me say I hope these folks get there, but they'll need to mature quickly to gain relevance.