Why AVs get clobbered - AppEsteem Blog (blog.appesteem.com/file.axd?file=/near death...)
Near-death experience
Why AVs get clobbered by unwanted software
(and how they’ll win)
Dennis Batchelder
AppEsteem Corporation
AVAR 2016 (Malaysia)
Software monetizers are businesses
• They make millions in revenue
• They are proud of their brands
• They use sophisticated direct marketing and A/B testing to maximize their consumer “conversions”
• Most security partners are also software monetizers
• Scan/try/buy and freemium models
• Offer other products/services
• Pay per install with other carriers
• Pay per install with new PCs
• Alternative monetization: display ads, safe search, ad blocking, price comparisons
Software monetization becomes unwanted when…
• … consumers are tricked into giving consent (or not even asked)
• … consumers are unpleasantly surprised by what did (or didn’t) happen
• … consumers feel cheated by what they paid for
This industry has many opportunities for consumer abuse
• Aggressive and unauthorized affiliates
• Displaying scary and lying ads
• Misleading and tricky landing pages
• Installing without consent
• Annoying and scaring with ads and warnings
• Up-selling and cross-selling during payment and support
The vendor perspective
• They admit they’re being aggressive
• They claim lack of clarity on detections
• They see many conflicts of interest by the “protectors”
  • Platforms are aggressive with updates, changing defaults, collecting telemetry
  • AVs seen as scaring consumers during trials to upsell
  • AVs sell system tools and their detections look like they’re blocking competitors
  • Browsers and platforms look like they’re protecting their own monetization
• … so they morph and evade and call their lawyers
  • New brands, companies, landing pages, certificates, advertisements, web-configured behavior
Result: AVs fail to protect from unwanted software
• Automation fails
  • Hard to actuate and replicate
• Behavior monitoring fails
  • Apps obtain user consent, use normal distribution
• Malware analysis fails
  • Landing pages, brands, docs, advertising, up-selling need checking; change rapidly
• Human response fails
  • Software vendors fight back with lawyers, not evasion
  • Policing external behavior isn’t what researchers signed up for
• Testing fails
  • Comparative testers are slow to enter this space
If an AV cannot protect its consumers from unwanted software, its future looks bleak
We’ve been solving this problem together for almost three years
• 2014: Microsoft pushes for a new approach
  • Formation meetings in Israel, Florida, Canterbury
• 2015-2016: Clean Software Alliance picks up steam
  • Summits in Vegas, NYC, Prague, California
  • Publish software and advertising guidelines
• 2016: AppEsteem starts certifying apps
  • Published broad app cert requirements
  • Defined monitoring for apps, landing pages, and better world network partners
  • Agreed that CSA will provide oversight
  • Launched pilot
The premise:
If we provide a safe haven for clean apps…
… we can get much more aggressive and squeeze out the dirty apps
who fund their business by tricking and cheating customers
who grow their business by outbidding the clean players
Certification drives vendor change and helps AVs succeed
[Figure panels: Before AppEsteem; Certified apps make a better world]
AppEsteem’s pilot launched last month
• 21 Security partners (not all committed; some watching)
• 5 Software monetization vendors (18 more in pipeline)
• 5 Better World Network partners
  • Compliance officers, payment processors, call centers, AV monitoring services
  • Planning to add ad networks, downloaders
• Overseen by the Clean Software Alliance
• Manual stage (Nov-Dec 2016)
  • Validate the requirements
  • Set up communication paths
  • Train certifiers
• Automated stage (Jan-Mar 2017)
  • SRCL monitoring/reporting
  • Automated sigs and online verification
  • Embedded seal/taggant
Certification indeed led to vendors changing their apps

| Product Category | Example area changed for certification |
| --- | --- |
| Web Browser | Software: Misleading icons, hidden browser popup, app doesn’t close |
| New Tab (Chrome Extension) | Interstitial offer: didn’t close, over-integrated into carrier flow and not clearly separable |
| PC Optimizer tool | Call center: aggressive upselling of tech support |
| PC Optimizer tool | Call to action/payment: needed to highlight the need to pay before fixing |
| PC Optimizer tool | Install: hidden component not disclosed, not un-installable |
What we’ve learned from our Security Partners
• We missed/needed clarification on requirements and disclosures
  • Call centers, target OS/browsers, distinct clean certificates and dev accounts
• It takes time to trust AppEsteem
  • Especially when partner doesn’t know us
  • Areas of difficulty: perceived conflict of interest; fear of trusting or rewarding the “bad guys”
  • Our response: we collect for monitoring; we need to create an alternative path
• It takes time for our partners to change client and cloud code
  • Today partners are whitelisting and are waiting for our tech
• Security partner apps have their own issues
  • But it’s important to be consistent
  • We’re looking for ways to accelerate the cleanup
What we’ve learned from Software Vendors
• Many vendors are mature enough to take the leap
• Few want to be monitored; few are happy to pay
• Detections drive urgency, but vendor still has to “convert” their culture
• We spent too much time with those not ready to convert, who seem to want it both ways

Signals of culture conversion
• Finding ways to measure and respond to consumer sentiment
• Killing apps that have no intrinsic value
• Moving to cleaner affiliates, call centers (or shutting them down)
• Shifting to a long-term payment relationship with consumers
• Seeking to understand the intentions behind the requirements

Signals of unsuccessful culture conversion
• Too-fast, unquestioning submission of contracts, attestations
• Loud protestations of “we’re so clean”, “nobody detects us”
• Looking for ways to get around monitoring and certification
• Withdrawing/substituting apps
• Offering to pay extra to make the problem go away
Consumers need you to get this right
• Join the pilot
  • Win the fight against unwanted software
  • Help us nail the requirements
  • Reduce your work
  • Reduce your risk
• Use the requirements
  • They’re free, and they’re great
• Commit to keeping your own apps clean
  • We can’t afford to be hypocrites
  • It’ll help in future tests
https://appesteem.com
@appesteem
Review our docs and sign up: https://appesteem.com/documents.html
App certification requirements: https://customer.appesteem.com/Home/AppCertReqs