Why AVs get clobbered - AppEsteem Blog (blog.appesteem.com/file.axd?file=/near death...)
Near-death experience
Why AVs get clobbered by unwanted software
(and how they'll win)
Dennis Batchelder, AppEsteem Corporation, AVAR 2016 (Malaysia)

Software monetizers are businesses
• They make millions in revenue
• They are proud of their brands
• They use sophisticated direct marketing and A/B testing to maximize their consumer "conversions"
• Most security partners are also software monetizers
  • Scan/try/buy and freemium models
  • Offer other products/services
  • Pay per install with other carriers
  • Pay per install with new PCs
  • Alternative monetization: display ads, safe search, ad blocking, price comparisons

Software monetization becomes unwanted when…
• … consumers are tricked into giving consent (or not even asked)
• … consumers are unpleasantly surprised by what did (or didn't) happen
• … consumers feel cheated by what they paid for

This industry has many opportunities for consumer abuse
• Aggressive and unauthorized affiliates
• Displaying scary and lying ads
• Misleading and tricky landing pages
• Installing without consent
• Annoying and scaring with ads and warnings
• Up-selling and cross-selling during payment and support

The vendor perspective
• They admit they're being aggressive
• They claim lack of clarity on detections
• They see many conflicts of interest by the "protectors"
  • Platforms are aggressive with updates, changing defaults, collecting telemetry
  • AVs seen as scaring consumers during trials to upsell
  • AVs sell system tools and their detections look like they're blocking competitors
  • Browsers and platforms look like they're protecting their own monetization
• … so they morph and evade and call their lawyers
  • New brands, companies, landing pages, certificates, advertisements, web-configured behavior

Result: AVs fail to protect from unwanted software
• Automation fails
  • Hard to actuate and replicate
• Behavior monitoring fails
  • Apps obtain user consent, use normal distribution
• Malware analysis fails
  • Landing pages, brands, docs, advertising, up-selling need checking; change rapidly
• Human response fails
  • Software vendors fight back with lawyers, not evasion
  • Policing external behavior isn't what researchers signed up for
• Testing fails
  • Comparative testers are slow to enter this space

If an AV cannot protect its consumers from unwanted software, its future looks bleak

We've been solving this problem together for almost three years
• 2014: Microsoft pushes for a new approach
  • Formation meetings in Israel, Florida, Canterbury
• 2015-2016: Clean Software Alliance picks up steam
  • Summits in Vegas, NYC, Prague, California
  • Publish software and advertising guidelines
• 2016: AppEsteem starts certifying apps
  • Published broad app cert requirements
  • Defined monitoring for apps, landing pages, and Better World Network partners
  • Agreed that CSA will provide oversight
  • Launched pilot

The premise:
If we provide a safe haven for clean apps…
…we can get much more aggressive and squeeze out the dirty apps
who fund their business by tricking and cheating customers
who grow their business by outbidding the clean players

Certification drives vendor change and helps AVs succeed
(Figure: "Before AppEsteem" vs. "Certified apps make a better world")

AppEsteem's pilot launched last month
• 21 Security partners (not all committed; some watching)
• 5 Software monetization vendors (18 more in pipeline)
• 5 Better World Network partners
  • Compliance officers, payment processors, call centers, AV monitoring services
  • Planning to add ad networks, downloaders
• Overseen by the Clean Software Alliance
• Manual stage (Nov-Dec 2016)
  • Validate the requirements
  • Set up communication paths
  • Train certifiers
• Automated stage (Jan-Mar 2017)
  • SRCL monitoring/reporting
  • Automated sigs and online verification
  • Embedded seal/taggant

Certification indeed led to vendors changing their apps

Product category             Example area changed for certification
Web Browser                  Software: misleading icons, hidden browser popup, app doesn't close
New Tab (Chrome Extension)   Interstitial offer: didn't close, over-integrated into carrier flow and not clearly separable
PC Optimizer tool            Call center: aggressive upselling of tech support
PC Optimizer tool            Call to action/payment: needed to highlight the need to pay before fixing
PC Optimizer tool            Install: hidden component not disclosed, not uninstallable

What we've learned from our Security Partners
• We missed/needed clarification on requirements and disclosures
  • Call centers, target OS/browsers, distinct clean certificates and dev accounts
• It takes time to trust AppEsteem
  • Especially when partner doesn't know us
  • Areas of difficulty: perceived conflict of interest; fear of trusting or rewarding the "bad guys"
  • Our response: we collect for monitoring; we need to create an alternative path
• It takes time for our partners to change client and cloud code
  • Today partners are whitelisting and are waiting for our tech
• Security partner apps have their own issues
  • But it's important to be consistent
  • We're looking for ways to accelerate the cleanup

What we've learned from Software Vendors
• Many vendors are mature enough to take the leap
• Few want to be monitored; few are happy to pay
• Detections drive urgency, but vendor still has to "convert" their culture
• We spent too much time with those not ready to convert, who seem to want it both ways

Signals of culture conversion
• Finding ways to measure and respond to consumer sentiment
• Killing apps that have no intrinsic value
• Moving to cleaner affiliates, call centers (or shutting them down)
• Shifting to a long-term payment relationship with consumers
• Seeking to understand the intentions behind the requirements

Signals of unsuccessful culture conversion
• Too-fast, unquestioning submission of contracts, attestations
• Loud protestations of "we're so clean", "nobody detects us"
• Looking for ways to get around monitoring and certification
• Withdrawing/substituting apps
• Offering to pay extra to make the problem go away

Consumers need you to get this right
• Join the pilot
  • Win the fight against unwanted software
  • Help us nail the requirements
  • Reduce your work
  • Reduce your risk
• Use the requirements
  • They're free, and they're great
• Commit to keeping your own apps clean
  • We can't afford to be hypocrites
  • It'll help in future tests

https://appesteem.com
@appesteem
Review our docs and sign up: https://appesteem.com/documents.html
App certification requirements: https://customer.appesteem.com/Home/AppCertReqs