As a security researcher, Leahy concedes she should have known better than simply clicking "next" through the installation process (giving the company permission to install the bundles) but her experience is probably the same as the average end-user who pays little attention to EULAs and default checkboxes.As far back as April 2007, the guys behind Trillian explained the bundling deals as an economic issue and insisted the installation will be "absolutely transparent and absolutely optional." But, as Leahy and others have discovered, crapware can sneak onto a PC if users aren't vigilant. The bigger issue for start-ups struggling to monetize free software offerings is what spyware research guru Ben Edelman calls "deceptive door openers." Ask.com, especially, has a checkered history with the way its search toolbar is marketed to end users. The company has been known to target kids online with promises of free smileys and advertising through other vendors' spyware, according to Edelman's research. StopBadware's Leahy stopped short of condemning the free Trillian as "badware" because the disclosure process is in keeping with established guidelines but it sure looks like the image of Cerulean Studios will take a hit. Oh, by the way, Trillian just shipped a fix for an "highly critical" code execution vulnerability. [ ALSO SEE: How to degunk a PC full of crapware ]
StopBadware.org researcher Liana Leahy has taken Cerulean Studios to task for bundling two third-party applications into the popular free Trillian IM client, arguing that users who are not careful during the Trillian installation process could end up with a crapware problem. During the installation process, the default setting is for Trillian to bundle the Weather Channel Desktop and the Ask Toolbar, two products that could introduce security risks to PC users.