For those of you who haven't been paying the sort of attention that clinical psychiatrists write papers about, i.e., presumably the majority of you, there's been some interesting discussion taking place on my post, from some weeks back, on the limitations of socially generated knowledge. Some of the comments, well, don't require much comment. But I've been pleased with the tenor of the back-and-forth between me and PaperGhost. (It was this post, in response to mine, that got much of the discussion going.) So I thought I'd elevate my latest response to the level of full-fledged post, in the search for some common ground between us. Perhaps somewhat surprisingly, there seems to be more of it than either of us might have thought at the beginning of the exchange.
Do you think most people out there download scanner / removal tools purely to get rid of Zango, or to get rid of the nameless wonder that's hooked into the browser, dumped fifteen EXEs in the System32 folder and started firing spam about penis extensions to old women in Canada? To me, these people are mostly doing it for the latter, and of course in the grand scheme of things, they might have picked up Zango somewhere and decided they might not want it anymore and hose that too.
This is a good point. Unless they're encouraged to do so (perhaps even by some well-meaning but inaccurate forum posting), it seems unlikely to me that most people would purchase a scanning app to get rid of Zango. Hopefully, our unavoidable "plain language disclosure" during the download process, the icon in their system tray and logo in the toolbar, the notification message that we show upon completion of the install and every 90 days thereafter, and our entry in Add/Remove Programs, and the links in our always-labeled ads, all give people enough information about how to uninstall Zango quickly and easily on their own, if they no longer want our software.
I do continue to have a beef with the failure of some anti-spyware applications to be accurate. I've seen a number of instances where an application will claim that Zango is installed when we're not, or will incorrectly identify Zango as some egregious piece of malware. Those are sometimes understandable bugs, fixed as soon as we point them out, but I'm not sure I can understand why some companies insist on calling us "spyware" or "malware". If Zango, with all the practices, procedures and technology that we've implemented, can in any sense be considered spyware, the term has lost all meaning. My sense is that the term is simply being paraded around for its pejorative impact: draw your own conclusions.
I should emphasize this, though: I'm fully in agreement that security applications in general provide a valuable service. I'm embarrassed to admit that over the last 10 years, I've twice been tricked into executing malware of some flavor or other, and I was quite grateful for the various utilities that helped me clean up afterwards. I'm a reasonably technical and suspicious fellow, so if I can get taken in, there's not a lot of hope for my 90-year-old Grandma, out on her own. She's a sharp lady, but not nearly suspicious enough.
I've said often that I'm not overly concerned about the security implications of having Zango on a PC - really, there are bigger fish to fry and nastier things out there to worry about nowadays. The thing that's always made me stand guard on Zango, and quite likely other researchers too, is that the danger hasn't really come from your own application, but the super dubious affiliates you've ended up partnering with in the past.
I agree (more common ground!) that we made some real mistakes there, back in the day. We've legitimately taken some grief for those mistakes – the $3MM fine we're paying to the FTC being just the most obvious example. We signed the FTC consent agreement, and are paying that fine, because we really did fail to police our distribution network properly. We screwed up, no two ways about it.
As financially painful and humbling as the $3 million FTC fine was (as is), it is frankly small potatoes compared to the additional costs associated with our distribution policing issues. For example, we’ve spent millions of dollars more in enhancements to our technology and business practices. The instinct of self preservation, if nothing else, has given Zango quite an incentive to keep its practices and partnerships as whistle-clean as possible.
I do appreciate that PaperGhost added the qualifier “in the past.” We’ve worked hard to clean up our distribution channel and I think that hard work has shown results.
[I]n terms of the screwball affiliate installs of old, if they're not happening, I (and probably many others) don't need to be writing about you and can devote our time to worrying about the rising trade in extremely dubious Adware vendors in China, the Korean hackers teaming up with crackers from the States and the never ending stream of kiddy pr0n groups coming out of Russia.
I would honestly be happy if I never had to write about Zango ever again, and I'm guessing you would be too J.
Amen! I think we've got some fairly substantial common ground here. J