Christina Olsen and her colleagues on the Stop Badware project gave an excellent talk at Berkman yesterday about their work over the past year – David Weinberger’s got a (typically excellent) set of notes on her talk. The Stop Badware effort is an effort to document and warn users about software that’s likely to adversely affect their internet experience. This can include truly evil pieces of malware, like a screensaver that installs pop-up adware, spyware, and an automatic dialer that calls pornography sites, racking up charges on your phone bill… but it can also include merely deceptive software, like the 9.0 release of AOL, which installs toolbars and modifies your favorites files without notice. (Needless to say, AOL was not thrilled to have their installer termed “malware”…)
Stop Badware certainly has a share of scalps to their credit in the past year. The makers of the aformentioned truly evil piece of badware are now out of business, and other software developers they’ve called out have made changes to their software to evade the “badware” distinction. Almost 200 different news outlets have reported on the project, and their reports come up quite high in Google for searches on the software in question – the hope is that some users will search for information on software before installing it and read the reports, rather than installing software they regret later.
The Stop Badware project is closely connected to two other ideas that get a good deal of discussion at Berkman – the Open Net Initiative, and Jonathan Zittrain’s theory of generativity. The Open Net Initiative conducts tests around the world to see how governments are controlling access to the Internet. Rather than conducting these tests a few times a year and releasing formal, academic reports, it would be very cool to provide an “internet weather report”, where users around the world continually report on sites they can and can’t reach. Similarly, Stop Badware would like to have a set of users who volunteer to have their computers monitored, so they could detect what software installations are most likely to lead to problems and user unhappiness.
(As it turns out, it’s actually pretty hard to catch malware in a laboratory setting. Lots of the malware the Stop Badware folks are finding tries to install itself when you visit a website with a poorly patched version of Windows – in a lab setting with properly patched computers, you can miss a lot of the good (i.e., bad) stuff… it might be worth doing some actual user surveys, finding users in the Cambridge area who’ve got badly infected computers and trying to figure out what’s on them as an interim step towards the distributed application Stop Badware and ONI are both talking about building.)
Zittrain is very concerned about a future in which users choose Tivos over PCs – devices which perform a single function well, but cannot perform new functions coded by programmers unconnected with the company which sold the hardware and software. Zittrain wants to preserve the generative power of PCs which can download software from the Internet, allowing users to do completely new things with their machines – downloading Skype to turn their machines into inexpensive phones, for instance. But he’s very worried that malware will convince more and more users to adopt less generative devices – information appliances. While users might be willing to adopt these devices in order to avoid malware, they’d lose the potential to try the next revolutionary application like Skype.
As I listened to Christina and the team yesterday, I realized how long it’s been since I’ve worried about viruses and malware. I switched back to Mac in 2003, and while Mac’s comparative resistance to malware is part of the reason, the other factor is that I don’t download much software nowadays. Most of the new applications I’ve played with the last couple of years have been server-based – they didn’t require me to install anything new on my hard drive. I remember being a Mac user in the early 90s and downloading dozens of new toys every week to try out… and getting half a dozen new viruses in the process. While there is software I download – Skype, NetNewsWire and the new Firefox are all new applications I’m very happy to be using – the vast majority of my “exploration” is on new web-based applications, not of new client applications.
If the server is the new space for generativity, is Zittrain’s desire to protect us from an information appliance future the right approach? If people can create new applications that are accessible to anyone with a web browser, is it so bad that some users choose malware-resistant information appliances that give them a web browser and little else? While I am glad Stop Badware is out there on neighborhood watch, I’m a little worried they’re patching a dike that’s destined to break – the idea that everyone who wants to be online wants a completely open, multifunctional machine that can run good and bad code…