‘Spyware’ Label Slapped on Legit Research Software

Some anti-spyware programs zap comScore’s tracking software from its own panel members’ PCs, ClickZ has learned. The same programs likely pose threats to other online research firms’ applications.

The growing popularity of such programs has increased the churn rate in comScore’s online research panel.

While the research company’s panel has grown from two to six million participants since 2003, churn raises uncomfortable questions about the consistency of the market research advertisers rely upon.

“In the understandable rush to scrub systems of undesirable applications like spyware, there has been an indiscriminate application of that word to systems that don’t meet that description,” said comScore SVP Dan Hess. “There are some security software systems that flag software of ours, and others like ours, and remove them.”

Nielsen//NetRatings, a major competitor, meanwhile claims it “has not experienced any issues with anti-spyware software,” according to spokesperson Marla Dierkes. However, Symantec’s Web site shows it has identified the company’s software as “spyware.” Meanwhile, Lavasoft’s Ad-Aware rates the software’s threat level as four out of 10, with 10 being the most threatening.

“While it hasn’t impacted our business in a significant way, we think it’s important for a host of reasons to get ahead of the issue instead of reacting to it later if it becomes a larger problem,” said Graham Mudd, a comScore senior analyst.

comScore has launched an initiative to create an industry distinction between spy- and adware, and opt-in market research software.

The company wants a new classification for legitimate market research software: “researchware.” The goal is to enable market research companies to clearly distinguish their survey tools from malicious programs that seek consumer information, Hess said.

In December, a letter to clients and partners outlined five points that distinguish comScore’s software from spyware: it’s opt-in, with clear opt-out instructions; it scrubs personally identifiable information from data; its privacy and data security practices are audited and certified annually; panelists receive benefits for participation; it doesn’t sell or share research panel data to/with advertisers.

comScore has asked security software vendors to remove its software from spyware blacklists. “When we are able to contact [them], we typically are removed from the lists,” Hess said, citing Computer Associates (CA) as an example.

Yet CA told ClickZ News comScore will be added to a new “trackware” list — a category the security company just established — effective February 18. It’s back due to a lack of transparency, said Sam Curry, CA VP of product management.

CA defines “trackware” as “any software which, subsequent to user permission being granted, uses a machine’s Internet connection to silently transmit personally identifiable information.”

“It’s been a bit of a rollercoaster for comScore, which has been added, then removed, and now added again to our spyware lists,” Curry told ClickZ News. “comScore is welcome to appeal this, but they are the manufacturer of the MarketScore software, which we are re-adding to our spyware list under a new category of trackware, tomorrow morning.”

“Trackware,” a non-standard term, is an example of what David Nason refers to as “greyware.” Nason, CTO of anti-spyware vendor eAcceleration, said this grey area prompts many security software vendors to remove any third-party software, including cookies, from PCs.

“It’s certainly a big problem, and not just for the market research companies,” said Nason. “There is anti-spyware software that is arguably spyware. There is anti-spyware software that is not spyware that gets identified as spyware and removed by competitors. When it gets down to the consumer level, it’s hard for people to know what to believe.”

eAcceleration is unusual in that it contacts companies before blacklisting their software. Of the scores of free, downloadable anti-spyware programs, few contact software makers they blacklist. Many security vendors have little or no available contact information, Hess said. The situation is analogous to that faced by legitimate email marketers who finds themselves on blacklists.

comScore is taking its case to industry associations like the Interactive Advertising Bureau (IAB), and plans to reach out to competitors like Nielsen//NetRatings to create an industry-wide distinction.

“This is an issue affecting nearly every player in our industry, so there is broad interest in building consensus,” Mudd said.

Consensus may be hard to build, particularly when admitting the problem could damage business models. “Our opt-in panel obtains explicit consent from our panelists, which bypasses the need for any distinctions in definitions,” NetRating’s Dierkes told ClickZ.

Related reading