Secure IT Foundation

Toolbars should be called ‘Malware’

Posted on: October 31, 2011

If it walks like a duck, quacks like a duck, looks like a duck, it must be a duck…

If software on computer communicated to third parties like malware, altered settings like malware, behaved like malware, it must be malware. You would think so but there is a threat to computer security that does not get classified as malware.

It gets around being classified as malware by making the user accept the software as part of an installation of other software. For example if you look at the Top 10 downloads from at the moment you will see at number three there is a program called YouTube Downloader, with nearly 800,000 downloads in the previous month.

When you install the software you get a typical install process for Windows, but with an additional option page for a Toolbar:

YouTube Downloader Toolbar Screenshot

YouTube Downloader Toolbar Screenshot

While there is an option to decline (which we strongly recommend you use!), most users do not. There is no informed consent for the user that they are about to install a potentially unwanted program, which will make changes to your computer. But if you click ‘Accept’ the toolbar takes over you browsers and your PC. In nature, this would be called a parasite, as it feeds on the others in a symbiotic relationship.

As the user has clicked ‘Accept’ to the legalese terms they have agreed to allow it control of their computer. Following the trail, brings you to a company called Spigot whose slogan is ‘Turn on the revenue’. In case you don’t realise it, they mean revenue for application developers by using your internet data, mined by the toolbar! You are the cash cow, as they make money on selling marketing information based on your surfing habits.

These terms include:

“The Spigot Toolbar Privacy Policy applies to the Spigot Toolbar only and is independent of any other application(s) you may be installing or using concurrently. Spigot Toolbar is built and maintained by Spigot, Inc. (“We”). We care about your privacy and will never collect personally identifiable information or monitor usage on an individual level.”

The information we collect is for basic reporting purposes only, and includes the following:
a) Date and time of installation
b) Date and time of un-installation
c) Originating IP address and the user’s country at time of installation/un-installation
d) Toolbar status in Internet Explorer or Firefox (i.e. if a toolbar is hidden or displayed in the browser)
e) Partner ID at time of installation
f) Toolbar version at time of installation

Information we collect during Toolbar Usage

We do not monitor the web pages you visit. When you perform a search, your search may be sent through our servers in order to ‘optimize the search result’. This will record the following anonymous usage information:
a) Date and time of search
b) Originating IP address
c) Partner / Channel ID of your Toolbar
d) Toolbar version
e) Search term

In addition, your web browser will communicate to us the same information it gives to every web server on the Internet. This could include information such as your computer hardware and software attributes, cookies for our site, and the URL of web page you are requesting.

How we use the Information we collect

Information we collect from you is used on an aggregate basis and for reporting purposes only. For example, we measure the total number of Toolbar installations per month in order to pay our partners, the total number of Toolbar searches conducted per month to measure growth patterns, the number of Toolbars used in Microsoft Internet Explorer or Mozilla Firefox per month to study browser trends, and so on. All information is collected in aggregate and never measured on an individual basis.

Information collected by Third Parties

Search results pages you visit when performing a search using the toolbar are provided by our search engine partners (i.e. Yahoo, Baidu, Yandex, eBay, Amazon). These search engines can track the following:
a) Search term that was entered into the search box
b) Originating IP address and the user’s country or OS language setting
c) Sponsored listings or other advertisements that were clicked on
d) That the search request came from the Spigot Toolbar and its associated revenue tag

The toolbar does not collect personally identifiable information or monitor your surfing behavior.

Use of Cookies

When you conduct a search using the toolbar, our content providers who supply search results (i.e. Yahoo, Baidu, Yandex, eBay, Amazon) may set or access cookies on your computer. The cookies are used for the purpose of measuring referrals from our toolbar on an aggregate basis and are not tied to your personal information. Many browsers offer users the option of declining cookies. If you do not wish to accept cookies, please modify the settings in your browser.

Toolbar Updates

The toolbar communicates with our servers from time to time to check for available software updates such as bug fixes, patches, enhanced functions and new versions. By installing the toolbar, you agree to automatically request and receive updates. If you wish to turn off automatic updates, you can do so from the “Options” menu in the toolbar.

Toolbar Uninstall

You can easily uninstall the toolbar in the traditional Add/Remove programs section in Windows, or from the toolbar by selecting

Options > Help > Uninstall.

Toolbar Deactivation

You can easily hide or deactivate the Toolbar in Internet Explorer or FireFox by selecting View > Toolbars, and then unselecting the checkbox for the toolbar.

Changes to this Privacy Policy

We may update this privacy policy from time to time. We will notify you about significant changes in the way we treat personal information by placing a prominent notice on our site. “

The bold type highlights the problem. It claims it only monitors your search terms without identifying you but your IP address is like a fingerprint. It always leaves a trail on every computer you communicate with and all those in between. The legal issue is that on its own an IP address is not classed as personal data, for example compare the UK stance with the US approach. In reality, every email you send, website you visit or post on a public forum can log your IP address. Combined with your email address or forum username and you can have personally identifiable data.

In addition some toolbars ‘optimise’ the search results to preferred companies whose activities may not be strictly legal or could be classified by some people as scam merchants.

Until these legal issues are resolved, Anti Virus and Computer Security companies cannot classify Toolbars as malware without risk of litigation from the companies involved, says a lot about the money involved here.

So there is a stalemate situation where you know its bad software but your security defences let it through as if it was ok. For now, all we can advise is when you install new software, read the install pages and look out for Toolbars and changes to your search engine and browser settings. If you see one, untick all options and decline it! Weasel words to look for include ‘Community‘, ‘Conduit‘, ‘Spigot‘ and ‘Mybrowserbar‘ amongst many… Clues to look for are those companies who don’t tell you where they are and have no publicly checkable address showing.

Say No to Toolbars and rid the Internet of another parasite by cutting off their revenue stream, namely your information.



1 Response to "Toolbars should be called ‘Malware’"

Couldn’t agree more. I downloaded a piece of software just now, disabled the ‘toolbar’ ‘offer’ (which fortunately for me has become a reflex); but couldn’t help noticing the odd phrasing that seems to be used now: the tick/check box asked me agree to ‘Make and keep’ the freeloading data miner as my default for searches etc.

‘Make and keep’? I dread to think what *that* wanted to do to my computer’s settings…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


  • None
  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]


%d bloggers like this: