Gator was a computer program by Claria Corporation. Notorious as one of the first widespread spyware applications, Gator had inadvertently created a revolution in consumer backlash against irresponsible computer program design and malware proliferation. While various computer security vulnerabilities, such as viruses, had been familiar to security experts for years, Gator was the first program to cause widespread concern among nontechnical home computer users.

Although most installations of Gator were performed with full disclosure regarding the nature of the program, many users who did not read it’s EULA were unaware of the program’s activity. While this fact had saved Claria Corporation from several lawsuits, unfortunately, it had not stimulated an increase in consumer awareness regarding the need to read EULAs and to understand them. Additionally, Gator could not be removed via standard software removal procedures.

Although Gator is considered spyware, the computer security industry often cites the non-spyware components of Gator in its classification. This is typical of the computer security industry, who often miseducate consumers intending to broaden the need for their products. Usually, Gator is charged with being spyware because it implants pop-up advertisements on webpages viewed in Internet Explorer. This behavior is not spyware related, rather, it is adware related.

Is Gator a Spyware?

Gator is considered spyware because it stores users’ personal information, such as name, email address, geographic location, age, and even credit card numbers, and sends this information to its central servers. Claria ascertains that the information is used for delivering relevant advertisements only, and is stored only in aggregate form. However, Gator communications with its central servers are not encrypted, and the information is easily intercepted by malicious third parties. Additionally, email addresses associated with Gator installations are often the targets of spam email, implying that Claria sells collected email addresses to spammers. The Gator EULA is not clear on the matter of user privacy regarding the confidentiality of collected email addresses.

Originally, Gator had been installed as a bundled application in other programs, with Claria paying software developers for each Gator installation. During software installation, the user had been presented with an option of reading the complete Gator End User License Agreement, which describes in detail the nature of the program. However, the OK-OK-OK-Finish culture common to Microsoft Windows users had often hidden the license, thus many users had not known about the installation. After installation, Gator would prompt users to save their personal information in its database, to fill in web-based forms on their behalf. Based on the information in these forms, and the URLs of pages visited, Gator would download and display relevant advertisements to users. Often, these advertisements would appear on competitor’s websites, inserted into the page locally via the Gator software.

Later forms of Gator had been adapted to ‘drive-by installation’ via ActiveX in Internet Explorer. Whether Claria or a third-party software developer had performed the modification is unknown, however, the modified Gator was functionally identical to the original version, with the exception that the EULA was presented as a link (that did not always work) in the ActiveX control instead of as a text file in the standard Windows installer.

Is Gator a Legitimate software?

Gators script Generation process and social engineering techniques to capture sensitive information from the user creates doubts about the Gator’s real intention and objective. Whatever the sensitive information captured by the Gator is not accessible to the owner of the information (or the user) as it is encrypted. The user does not have anything about the information captured by Gator. In the “Privacy Statement and EULA” of Gator says, “We sometimes use third party contractors who may be given access to any information we have so they may perform tasks that might otherwise be done by our employees”.

Without clearly understanding the “Third Party” the users of Gator is giving their information to Gator. The user does not have any idea about the reputation of this third party, the measures the Third-party has taken to protect the Sensitive information and the purpose of the usage of sensitive information. Gator poses some threat to “availability”. Because Gator is closely monitoring the user’s Web behavior and based on that behaviors Gator targets some advertisements to the infected users desktop.

This target-oriented advertising prevents users from having access to the original advertisement. This could result in situations like those that the user is prevented from getting the original advertisement, which may consist of more benefits. By displaying some unnecessary advertisement, (though the gator says “targeted advertisement”), unnecessary services running on the computer and usage of bandwidth to communicate with other ad servers creates problems in availability and productivity.