Video nasty, adware nastier say experts of Guardian.co.uk ad

Web usage details for car wreck footage - fair trade?
Written by Will Sturgeon, Contributor

Web usage details for car wreck footage - fair trade?

Over the past week readers of the Guardian website have been able to view a rich media advert apparently showing a person about to be hit by a bus.

Call it gruesome (a screenshot is shown below) but one security expert has dubbed it "controversial" for another reason - because it links through to a website, run by a company called Zango, where users are able to download adware applications onto their machines.

Guardian ad

A screenshot from a rich media ad which appeared on the Guardian's website, apparently showing a person about to be hit by a bus

In order to view video clips of car smashes and accidents, or download games and screensavers on Zango.com users must install a file called Setup.exe from a server at static.zangocash.com. What many may not realise is that by doing so they are downloading adware onto their machines which not only relays information back to Zango about their web sessions but may also serve annoying pop-up ads which could contain adult content.

Steven Cox, principal security consultant at CA, said too few end users read the terms and conditions when signing up for such adware and expressed concerns that many may be children, despite being presented with a tick-box which asks users to verify whether they are over 18 years of age.

The Zango business model is far from unique and is not illegal but many security experts claim the attempt to get adware onto users' machines is a grey area. The means employed to encourage users to download it are also questionable, they say.

Zango's full end-user licensing agreement (EULA) is only readable a few lines at a time and users must scroll some way before they get to a sentence such as: "By installing the Licensed Software, you grant permission for 180 to collect and use certain information."

A spokesman from Zango.com claimed users know exactly what they are giving their consent to and said the company's EULA is "comprehensive" and "plain language".

However, the wording and positioning of EULAs remains an area of heated debate in the security industry. Graham Cluley, senior technology consultant at Sophos, said: "It's a shame so much software hides its true intentions behind pages of legalese that few users are prepared to read."

The EULA, which refers to Zango by its former name, 180 Solutions, also contains the phrase "180 reserves the right to change the provisions of its Privacy Policy from time to time" - the sort of phrase users should be wary of, experts say.

While Cluley said he is well aware of Zango and 180 Solutions, he suggested The Guardian has been remiss in promoting such a service.

He said: "The Guardian should perhaps show a keener interest in deciding what is and what isn't suitable for promotion on their website."

The Guardian did not respond to a request for comment from silicon.com.

As for the gruesome content of its videos, the Zango spokesman said these are "videos that you see on the news every single day".

He also said Zango's applications have wrongly been labelled as 'spyware' in the past by security companies who he claimed are looking to inflate the number of threats they detect.

CA's Cox said any security company's first responsibility is to its customers who sign up for protection from a clearly defined list of threats and applications.

Editorial standards