StopBadware was[1] an anti-malware nonprofit organization focused on making the Web safer through the prevention, mitigation, and remediation of badware websites. It is the successor to StopBadware.org, a project started in 2006 at the Berkman Center for Internet and Society at Harvard University. It spun off to become a standalone organization, and dropped the ".org" in its name, in January 2010.[2]

StopBadware
Founded2006
FounderJohn Palfrey, Jonathan Zittrain
Dissolved2020
Type501(c)(3)
Location
Key people
Vint Cerf, Esther Dyson
Websitewww.stopbadware.org[dead link]

Its website stopped working around 2021 because of copyright restrictions.[1]

People

edit

The founders of StopBadware.org were John Palfrey, then Executive Director of the Berkman Center, and Jonathan Zittrain, then at the Oxford Internet Institute.[3] Both are now Professors of Law at Harvard University and faculty co-directors of the Berkman Center.

Board members of StopBadware include Vint Cerf (Chair), Esther Dyson, Philippe Courtot, Alex Eckelberry, Michael Barrett, Brett McDowell, Eric Davis, and Maxim Weinstein, StopBadware's former executive director.[4] John Palfrey, Ari Schwartz, John Morris, Paul Mockapetris, and Mike Shaver formerly served on the Board.

Supporters

edit

StopBadware was funded by corporate and individual donations. Some of its current partners include Google, Mozilla, PayPal, Qualys, Verisign, Verizon, and Yandex.[5] Google, GFI Software, and NSFocus participate as data providers in the organization's Badware Website Clearinghouse (see below). Previous supporters include AOL, Lenovo, Sun Microsystems, Trend Micro, and MySpace. Consumer Reports WebWatch, a now-defunct part of Consumers Union, served as an unpaid special advisor while StopBadware.org was a project at the Berkman Center.

Activities

edit

StopBadware's focus was on fighting "badware by working to strengthen the entire Web ecosystem." In pursuit of this some of the organization's activities include maintaining a badware website clearinghouse, acting as an independent reviewer of blacklisted sites, website owner and user education, and a "We Stop Badware" program for Web hosts.[6] In June 2012 StopBadware launched the Ads Integrity Alliance with support from founding members AOL, Facebook, Google, the Interactive Advertising Bureau (IAB), and Twitter. The Alliance is a resource for online ad platforms seeking to protect users from deceptive or harmful ads.[7] The organization receives data from its data providers and maintains a searchable clearinghouse (Badware Website Clearinghouse) of URLs blacklisted by those data providers.[8] StopBadware's independent review process gives webmasters the option to request removal from data providers' blacklists and is intended to function as "due process" for webmasters whose sites have been listed as bad.[9][10] StopBadware maintains a community forum, BadwareBusters.org,[11] which includes an online form for reporting badware URLs encountered by the community.

StopBadware also aggregated badware statistics,[12] advocates for consumer protection in public policy, and publishes advisory documents (software guidelines,[13] best practices for web hosting providers[14]) compiled with input from the organization's working groups.[15]

Defining "badware"

edit

Originally

edit

StopBadware.org originally, in 2006, defined "badware" as follows:

  1. If the application acts deceptively or irreversibly.
  2. If the application engages in potentially objectionable behavior without:
    • First, prominently disclosing to the user that it will engage in such behavior, in clear and non-technical language, and
    • Then, obtaining the user's affirmative consent to that aspect of the application.[16]

The original mission was to "provide tools and information that assist industry and policymakers in meeting their responsibility to protect users from badware, and that help users protect themselves."[17] StopBadware took the position that software is badware if it does certain prohibited things, despite any disclaimer in an EULA or purported consent by the user. "Silently downloading" and "Installing additional software without informing the user of the identity and purpose of that software (bundling)" are examples of such prohibited behavior. StopBadware investigated reports of improper behavior by programs, and offered vendors the opportunity to reply to their findings.

In the 2010s

edit

StopBadware focused on web-based malware and defined badware as "software that fundamentally disregards a user's choice about how his or her computer or network connection will be used." This includes viruses, Trojans, rootkits, botnets, spyware, scareware, and many other types of malware. A badware website is a website that helps distribute badware, either intentionally or because it has been compromised.[18]

Google and StopBadware

edit

There was a common misconception that StopBadware blacklists websites and that Google uses this blacklist to protect their users. In fact, Google's Safe Browsing initiative uses automated systems to identify and blacklist websites.[19] This blacklist is used by Google to warn users before they visit potentially dangerous sites. The Firefox web browser and other applications also use Google's Safe Browsing API to warn their users based on the same blacklist.

The confusion is likely due to the close relationship between Google and StopBadware. Google links to StopBadware from their interstitial warning pages.[20] The link (now defunct) directed users to StopBadware's educational content about badware;[21] it also pointed webmasters to StopBadware's independent review process so site owners can request removal from Google's blacklist.[9] StopBadware's Badware Website Clearinghouse also listed websites blacklisted by Google.

Google uses automated systems to search for websites that distribute badware, and issues warnings about websites on which malicious activity is detected.[22] When a user tries to access one of these sites, that user is redirected to an interstitial page wherein Google warns the user of the detected malicious activity.[23] Google attempts to notify site owners when blacklisting a website.[24]

On February 2, 2009, for the duration of approximately one hour, all sites were temporarily listed as "potentially harmful to [ones] computer".[25]

See also

edit

References

edit
  1. ^ a b "Remove the link to StopBadware.org in SafeBrowsing interstitial page". bugzilla.mozilla.org. 2020-08-06. Retrieved 2022-05-25.
  2. ^ Miller, Mary Helen (January 28, 2010). "StopBadware Spins Off From Harvard U. to Be a Stand-Alone Nonprofit Group". The Chronicle of Higher Education. Retrieved January 13, 2011.
  3. ^ Hines, Matthew (January 30, 2010). "StopBadware Researchers Graduate from Harvard". eWeek Security Watch. Archived from the original on January 28, 2011. Retrieved January 13, 2011.
  4. ^ "Board of Directors". StopBadware. Retrieved January 19, 2013.
  5. ^ "Supporting Organizations". StopBadware. Retrieved January 19, 2013.
  6. ^ "What We Do". StopBadware. Retrieved January 19, 2013.
  7. ^ "Ads Integrity Alliance". StopBadware. Retrieved January 19, 2013.
  8. ^ "Badware Website Clearinghouse". StopBadware. Retrieved January 19, 2013.
  9. ^ a b Mills, Elinor (February 2, 2009). "StopBadware.org, the place to appeal a Google malware warning". CNET Security News. Retrieved January 13, 2011.
  10. ^ "Request a Review". StopBadware. Retrieved January 19, 2013.
  11. ^ "About". BadwareBusters.org. Archived from the original on January 1, 2011. Retrieved January 13, 2011.
  12. ^ "AS Report – Top 50 by Number of Reported URLs". StopBadware. Retrieved January 19, 2013.
  13. ^ "Guidelines". StopBadware. Retrieved January 19, 2013.
  14. ^ "Web Hosting Best Practices". StopBadware. Retrieved January 19, 2013.
  15. ^ "Working Groups". StopBadware. Archived from the original on November 28, 2010. Retrieved January 13, 2011.
  16. ^ "Stop Badware Software Guidelines". April 7, 2006. Archived from the original on April 7, 2006.{{cite web}}: CS1 maint: unfit URL (link)
  17. ^ "Main Page". StopBadware. Retrieved January 13, 2011.
  18. ^ "What is Badware". StopBadware. Retrieved January 19, 2013.
  19. ^ Ballard, Lucas (October 12, 2009). "Show Me the Malware!". CNET Security News. Retrieved January 13, 2011.
  20. ^ "What is the Google Safe Browsing Blacklist?". SerpGuard website. Retrieved January 13, 2011.
  21. ^ "Suspicious results and strange behavior: Results labeled 'This site may harm your computer". Google Web Search Help results. Retrieved January 13, 2011.
  22. ^ Provos, Niels; McNamee, Dean; Mavrommatis, Panayiotis; Wang, Ke; Modadugu, Nagendra (April 2007). "The Ghost in the Browser: Analysis of Web-based Malware." (PDF). Encyclopedia of Things. USENIX. Retrieved January 13, 2011.
  23. ^ Gabe, Glenn (April 22, 2009). "Yes, You're An Attack Site That Contains Malware, Now Here's What To Do About It". Search Engine Journal. Retrieved January 13, 2011.
  24. ^ "About malware and hacked sites". Google Webmaster Tools Help results. Retrieved January 13, 2011.
  25. ^ Google warns entire Internet is malware – "For about an hour Saturday morning, Google listed every site on the Internet as potentially harmful to your computer. At first, Google blamed the problem on StopBadware.org but later had to eat crow."
edit