Guilt by [non-]Association

There goes the “neighborhood”.

Going into the past weekend, one of our product sites had a problem in which accessing the page caused a very scary (and completely incorrect) “Reported Attack Site!” message in Firefox browsers, and a similar message in Safari (and Chrome as well, reportedly).  Of the major browsers, only Internet Explorer was allowing direct traffic to two specific pages, because it was the only one that does not (by default, anyway) subscribe to the StopBadware.org database.  To access our site, a user would have to click to ignore a message that said, more or less, “Run away from here and never come back.”

The problem began last Thursday, when FileKicker, a Digital River company that provides download bandwidth for many independent software publishers (including Goodsol Development, until recently), got blacklisted on the aforementioned database.  This meant that downloads from FileKicker generated the scary message, presumably because they delivered some “badware” somewhere, although I have no evidence (nor much doubt) that this happened.  The report was filed by Google.

On Friday, two of our pages that linked to downloads there were blacklisted as well because, I guess, Google assumed that if FileKicker was bad, anybody who linked there must be bad, too.  This is the “bad neighborhood” idea: we never linked to anything classified as badware or even any third-party software, but if we linked to a “bad” site, we must be bad ourselves.  Of course, the fact that FileKicker provided services for thousands of clients does not seem to matter.  This was bad on Windows, but devastating on Mac OS X, where Safari has the vast majority of the market.

By very early Sunday morning, due to quick action from Goodsol to remove all FileKicker links, and a subsequent retraction from Google, our pages were no longer banned, but all our direct links to FileKicker downloads (such as those stored at Apple Downloads) were still a major problem.  It took until yesterday [Wednesday] evening (i.e., six days) before FileKicker got this problem resolved for their downloads, with precious little information provided to customers in the interim.

This was a ridiculous episode, which produced many insights:

  1. The problem was first reported in the newsgroups of the Association of Shareware Professionals (by Dexter Bell of The Utility Factory, developer of FileBoss, an excellent file manager).  This is one of those situations in which ASP membership (and participation) was invaluable for rapid response.
  2. Digital River claims to be “the global leader in e-commerce”, a public company with close to $3 Billion in annual transactions, yet it took DR three times as long to fix the problem as Goodsol Development, a MicroISV, and never informed its clients until well after ASP members informed them.
  3. SWMirror, an independently operated download service run by Mitchell Vincent, was able to provide (better) services to affected publishers and have many downloads restored before FileKicker, part of a conglomerate with more than 1000 employees, even acknowledged the problem.
  4. The pattern of Digital River buying successful companies serving the shareware industry and turning them into garbage is intact; in fact, that record may now be unblemished.  Dealing with DR companies should only be done with due deliberation.  (read: “Do not touch them with a bargepole.”)
  5. The concept that Google can, with a simple electronic “report”, essentially shut down an internet business overnight, is more than a little scary.  Imagine launching a product that could compete with Google (or a blog being critical of them) and having most of your traffic cut off by a similar unsubstantiated report.
  6. The whole internet is a “bad neighborhood”. In fact, Google itself would be the worst culprit of all, since it provides links to nearly every crack site, domain squatter, malware distributor, and internet fraud out there.

Really, I am definitely in favor of a system to eliminate (or castrate) true spammers and distributors of malware, but when an honest company that has been doing business online safely almost since the inception of the web is economically impacted, things have gone too far.

Here endeth the rant.
