« Chavez: Crazier than Dean or not? | Main | Memo to Sen. Kerry »

Saturday, September 17, 2005

Of farts and pop-ups: GlaxoSmithKline is conspiring to infect your PC with noxious adware

[Preliminary note: This is an angry consumer rant. It is based on demonstrable facts, but also contains what I believe to be well-informed and justified opinions. My readers may decide for themselves whether they agree with my opinion, for example, that GlaxoSmithKline is conspiring to infect consumers' PCs with noxious adware. But here's a word to GSK's legal staff: If you want to hash this out in court, my full professional contact information is linked from this website, and I'll be glad to meet you on the steps of either the Harris County Civil Courthouse or the U.S. District Court for the Southern District of Texas, Houston Division. If I can, I'll live-blog the whole deal. And let's also both invite the boys and girls from the mainstream media, shall we?]

After my cardiac adventure in July, I made some big changes in my diet. I was dismayed to learn, though, that a high-fiber diet rich in fruits and vegetables is also a diet likely to produce lots of flatulence. My new, healthy breakfasts of low-processed oatmeal, for example, were leading to bloated and embarrassment-risky mornings. As I looked for ways to manage this problem, my research quickly took me to the website — one I shan't link here, for reasons that will become obvious — of a fairly well-known over-the-counter product manufactured by mega-super international drug conglomerate GlaxoSmithKline. That product, "Beano®," is claimed to contain a "food enzyme from a natural source that works with your body’s digestion to break down the complex sugars in gassy foods[,] making them more digestible."

Well, that sounded promising, and I decided to give Beano a try. Now, ordinarily I'm not much of a coupon-clipper. But I'll bend over to pick up a dime on the ground, and if I'm planning to buy a product anyway, I'll usually clip a coupon for that product if I happen to see one. Thus I clicked the link on the Beano website that promised "$1 Off Coupon and Free Food Pyramid Partner Informational Card."

I'm also a firm believer that TANSTAAFL is one of the natural laws that drives the universe, however, and so I wasn't surprised or particularly dismayed to have to fill out an online survey before I got to the coupon. And yeah, although like everyone I'm up to my neck in email spam, I was willing to fork over an email address en route to the coupon too (although I was a bit miffed that there wasn't an obvious "spam opt-out" box to check). But on my first read-through, I didn't notice the statement reading "You may be prompted to download a small, free software application (called a Coupon Manager) to print," nor click the link to "Learn more about the Coupon Manager and the print process." Instead, I fired up my printer, clicked the "Print My Coupon" button, and expected my browser window to fill with a coupon that I could print out and take to the supermarket.

But no. Instead I found myself at a screen that said: "You need to activate your Coupon Manager. Please make sure your printer is on, and click 'Activate Now’ below. Your coupon will print automatically in about 30 seconds!" And being a typical consumer (which is to say, a vulnerable idiot), I clicked on the "Activate Now" button.

Thankfully, however, in one respect I'm not a typical consumer/vulnerable idiot. A few months ago, I'd finally taken up the suggestions of many friends and had (mostly) quit using Internet Explorer as my default web browser, switching instead to Mozilla Firefox mostly for its better security. And here, Firefox saved me: "To protect your computer, Firefox prevented this site (mn103.coolsavings.com) from installing software on your computer."

Having dodged a bullet, I began looking into who'd shot at me. In fairly short order, I learned that "Cool Savings" is a company that promulgates noxious adware — programs that stealthily infect your PC and that thereafter will pop up windows offering you products you've never expressed any interest whatsoever in buying. They're a zillion times worse than mere email spammers; they're more than simply annoying because they can slow down and eventually paralyze a PC. And they're deliberately designed to be difficult to get rid of.

Just a little bit of Googling took me to this address, where I learned that the specific bit of adware mischief I'd just avoided would have "display[ed] popup/popunder ads when the primary user interface is not visible or which do not appear to be assocaited with the product," and that it "[c]an't be uninstalled by Windows Add/Remove Programs and no uninstaller is provided with the application."

By this point I was more than mildly annoyed, so I began tracing my steps back and looking more closely at the disclosures/warnings — or lack thereof. Checking the "learn more" link I'd skipped earlier, I found this carefully crafted bit of pseudo-disclosure (boldface mine):

The Coupon Manager is a free application powered by CoolSavings, Inc. that securely prints GSK coupons. It helps us bring you high-quality coupons that scan at the register. It is not a trojan, virus, spywear [sic] or virus-delivery software. You will need to install the Coupon Manager to print the coupons. The first time you print a coupon, you will be given instructions on the downloading process....

CoolSavings is #1 coupon delivery Web site on the Internet and trusted partner of GSK.

This is called lying by hiding the important part of the truth. This "disclosure" makes it look like GlaxoSmithKline — a major multinational corporation whom millions of people quite literally trust with their lives when they take GSK medications — is assuring you that you're not screwing up your computer as a cost of printing out this lousy $1 coupon. And technically, the "Coupon Manager" may not be a piece of "trojan, virus, spywear [sic] or virus-delivery software." No, it's just noxious adware that will pester you from now until kingdom-come with pop-up windows containing offers to sell you products you've never expressed any interest in, and that you'll have a devil of a time scrubbing off your computer. To put it mildly, whatever "consent" Cool Savings and GSK obtain in connection with this disclosure is, in my considered opinion, completely invalid because it's not informed consent. To be minimally adequate as a basis for securing informed consent, the disclosures would need to contain the terms "adware," "pop-up windows," "unrelated products," "perpetuity," and "demons from hell." (Well, maybe not that last one, but certainly the first four.)

Now genuinely incensed, I emailed GlaxoSmithKline to complain, and to alert them that they were in bed with a company that promulgates noxious adware. Here's what I got back:

Dear Mr. Dyer,

We have received your e-mail message regarding Beano® Food Enzyme Dietary Supplement.

We're sorry to learn that you have been experiencing difficulty downloading the coupon.  You do not need to agree to future emails in order to receive the $1.00 coupon.

We are not sure why your coupon did not print for you but this is not the reason.

We do manage our coupons through a coupon manger, Cool Savings. It is not secretly installed as you must agree to have the program downloaded. We are sorry to hear that you do not care for our process. We will notify our technical support team of your comments.

We appreciate you as a Beano® customer and again apologize for any inconvenience you may have experienced.

We appreciate your taking the time to contact us.


GlaxoSmithKline Consumer Healthcare

Now I know that the scammers and the spammers, like the poor, will always be with us. I have no expectations from a company like "Cool Savings," other than a vague hope that some reasonably competent and responsible state attorney-general will put them out of business. But ladies and gentlemen, friends and neighbors, GlaxoSmithKline is "a leader in the worldwide consumer healthcare market" that has "nearly $5 billion in sales, over ten $100 million brands and [is] present in 130 markets." It claims that it "will promote [GSK's] products in line with high ethical, medical and scientific standards and will comply with all applicable laws and regulations." It claims that "[b]usiness ethics is the responsibility of everyone at GSK, not just senior managers," and further claims that "[i]nducements such as gifts or bribes are never acceptable under any circumstances." Yet GlaxoSmithKline knows that the company it's dealing with for these coupons will deliberately and surreptitiously infect your computer with noxious adware, and it falsely pretends that you've knowingly asked for it to do so! Moreover, GSK knows that its "free coupon" absolutely entails nonmonetary costs and inconvenience that its "trusted partner" has carefully failed to disclose.

Indeed — and in this paragraph I'm speculating and making what seem to me to be reasonable inferences, make no mistake — I'd bet dollars to donuts that GSK is getting fees from Cool Savings, quite possibly calculated on the basis of the number of computers thus infected. And I'd bet that Cool Savings, in turn, is buying the presumptive legitimacy of an internationally known company like GlaxoSmithKline precisely because that's the best way to sneak past consumers who'd otherwise never be stupid enough to "consent" to their abuse.

If GSK wanted to offer you a normal $1-off coupon that you could print from its website and take to the supermarket, it could do that with a simple .gif file. Instead, it appears, and it's my considered if subjective opinion, that GlaxoSmithKline has jumped in bed with whored itself out to knowingly become the "trusted partner of" a rip-off artist noxious adware company — not just to try to get you to buy Beano, but to get a cut of the rip-off artist's noxious adware company's sleazy profits. And that's way, way below the standards of professional or corporate ethics that I'd expect of a company in GlaxoSmithKline's position.

I can't speak for anyone else, but as for me: I'd rather fart.

(By the way, I emailed "Sharon" at GSK's Consumer Healthcare division to advise GSK that I intended to blog about this, with an offer to "print any additional comment or reaction or defense that you or anyone else from the company might wish to offer." No answer; but that offer still stands, and my Comments section is open, and I'll email her a link to this post. I'd be delighted to read and reprint here any attempted justification GSK might offer, and more than delighted to correct any factual errors, add any additional contextual facts, or pass along, when and if true, a report that GSK has come to its senses and mended its ways.)


UPDATE (Sat Sep 17 @ 5:30pm): I'm amused to read of an anti-spyware/adware/malware company that purports to provide "secure content management products and solutions to 50% of the Global 100 corporations, and 40% of the Fortune 500 ... especially those with high volumes of electronic communications, or those for whom content has high value[, such as] GlaxoSmithKline." Whatcha bet that GSK tries very hard to keep Cool Savings' software the heck off its company PCs?

Posted by Beldar at 03:10 PM in Current Affairs | Permalink


Other weblog posts, if any, whose authors have linked to Of farts and pop-ups: GlaxoSmithKline is conspiring to infect your PC with noxious adware and sent a trackback ping are listed here:


(1) Palindrome made the following comment | Sep 17, 2005 3:36:08 PM | Permalink

Try http://www.worldwidehealthcenter.net/healthconcerns-42.html or cinnamon, fennel seed, ginger root

(2) Yogurt made the following comment | Sep 17, 2005 4:43:43 PM | Permalink

Can I add Acrobat to your list of Most Offensive Programs? For months now it has been demanding I upgrade, but it forces you to install Yahoo toolbar also, so I politely decline...

Btw, Does the Bean-o work?? :)

(3) Beldar made the following comment | Sep 17, 2005 5:39:37 PM | Permalink

Yogurt, I know there's a way to tell the Acrobat reader not to check for upgrades, and there's probably a way to avoid getting the toolbar, but I'm not enough of a technogeek to guide you through it. One man's annoyance is perhaps another's friend; Adobe actually ranks very high on my list of companies who've done a great service by the free distribution of the .pdf readers, and I'm reasonably well pleased with the commercial version of the Acrobat software that I use at work to create .pdf files daily. As for the Beano — I dunno if it works or not because I never got the "free coupon" and I'm disinclined to patronize GSK with my business now.

(4) Josh Poulson made the following comment | Sep 17, 2005 7:11:37 PM | Permalink

If you think this is bad, imagine being on CoolSavings mailing list, which uses multiple from addresses to avoid my spam filter. My wife succombed to their advances, and now I delete 20-30 mail messages a day that have nothing to do with our desires.

What's more, every day I delete 40-100 comments and trackbacks from my blog's junk filter. They fell into the filter because those comments and trackbacks indicate my readers are demanding Online Poker and Viagra, despite no one posting comments to that effect.

(5) Old Coot made the following comment | Sep 17, 2005 9:15:20 PM | Permalink

So until this is resolved, you intend to stay away from open flames? Signed: A concerned reader.

(6) Pat made the following comment | Sep 17, 2005 10:40:25 PM | Permalink

I'm not a great fan of lawyers, unless I need one. One only needs to read jurors' remarks on the Vioxx case to understand that lawyers who help select a jury and then ask the same jurors to send a message to Merck so they can appear on Oprah are not exactly asking for a fair evaluation of the scientific evidence. One fantasizes that all those jurors writhe in arthritic pain until they die of cancer. It's sort of like hoping all the OJ jurors die violent deaths at the hands of a football player.

Avian flu? Lethal strain? Want a vaccine? Nobody makes them. Why? Irrational lawsuits.

Suing drug companies because FDA approved drugs increase risks for a small minority, while helping a huge majority live better lives, is not helping the common good. Vaccines kill a tiny minority yet they save the majority from death or debilitating disease.

Imagine a world without drug companies. Imagine a world where the only drugs you can buy have no side-effects and NO benefits. Actually, there is such a world: it's called homeopathy. The problem is that drugs, as we know them, work by interfering with the body's chemistry. That's not a zero-sum game. Mostly it's good. Sometimes it's bad. For most people, the alternative to using the drug is usually worse than not taking it.

There are cases where lawyers are useful. Suing Saudis for financing Al Qaeda is good. Suing spammers and the like is good. Suing Glaxo so they stop installing sh*tware on your computer is good.

But, after the OJ trial, the vaccine disappearence, the Alar scare,
the breast implant disaster, and the abestos catastrophe, forgive me if my faith in trial lawyers is, like, negative.

Oh, and that's before looking at the role of lawyers in hindering our war against radical Islam.

(7) Pat made the following comment | Sep 17, 2005 10:42:41 PM | Permalink

Truncated comment....

But, after the OJ trial, the vaccine disappearence, the Alar scare,
the breast implant disaster, and the abestos catastrophe, forgive me if my faith in trial lawyers is, like, negative.

Oh, and that's before looking at the role of lawyers in hindering our war against radical Islam.

(8) Mark Alger made the following comment | Sep 18, 2005 9:06:41 AM | Permalink

I am so glad to see an attorney run afoul of this muck. Since IANAL, this is only windbaggery, but check me on this.

I believe that the publisher of any program which installs without recourse the operating system's install/uninstall mechanism has, by that behavior, demonstrated a clear intent to defraud.

Such installation IMHO constitutes theft by conversion (or whatever the proper legal term is). That is, without explicit affirmative permission to install, the placement of software on a computer without the owner's knowledge or approval is... etc.

In the case of a professional's computer (I have an inventory of several hundred thousand dollars' worth of graphics on my laptop, for instance, use the system as a principal and critical tool of my livelihood , and work assiduously to keep it in good operating order), the possibility of rendering a system unusable is not trivial.

I think there is a cause of action, and that such action if it became common, might spur a reaction from legislatures directed toward giving end users relief. But how do you procede?


(9) Beldar made the following comment | Sep 18, 2005 11:54:11 AM | Permalink

Mr. Alger, having practically begged GSK and Cool Savings to sue me, I don't want to lay out in detail what my counterclaim would be, or how I or another lawyer might proceed if representing someone who'd actually had the noxious adware installed. But I do indeed believe and agree that there is ample law, state and federal, common and statutory, under which one injured by their conduct, on facts comparable to the ones I recounted, might seek to recover damages.

(10) Joan made the following comment | Sep 18, 2005 1:35:03 PM | Permalink

If you're still having problems with flatulence, you might give probiotics a try. These are beneficial bacteria that help keep the balance in your intestinal tract -- lactobacillus, etc. Look for ones that are in capsule (not tablet) form, and require refrigeration -- they work better than the ones that are formulated as tablets.

Good luck on getting GSK to get their corporate heads out of their butts...

(11) David made the following comment | Sep 18, 2005 2:12:36 PM | Permalink

You go, Bedlar!

Here's a legal question: Can these adware/spyware firms be sued for, say, trespass or violation of common-law or statutory privacy rights?

While class actions rarely benefit consumers (Typical case scenario: “Burger World” customers get sick on its tainted beef; an action is brought and a class is certified; discovery is conducted and a settlement is proposed -- Plaintiffs get a coupon for a free drink with their next purchase of a “WonderBurger,” Defendant consents to sell only fresh meat thenceforth, and the lawyers get $12 million.).

But I do know of numerous people whose computers froze up or were ruined by spyware and adware and have legitimate damages. What say ye?


(12) Beldar made the following comment | Sep 18, 2005 2:56:23 PM | Permalink

What the adware/spyware companies rely upon is not that what they're doing is non-actionable, but that what they're doing is usually too small-potatoes for anyone to seriously pursue them over.

Class-actions are intended, in part, to address just that problem, but your point about their effect in actual practice is well taken.

The FTC and state attorneys-general sometimes have the resources and motivation to seek injunctions that sometimes do some good. (I've forwarded a complaint about GSK, for example, to the Texas AG's office, suggesting that GSK's coupon promotion violates several provisions of the main Texas consumer protection statute.)

The biggest practical problem, and biggest procedural hurdle to using class actions in cases like this one, is that every affected individual's situation varies so considerably. Some had catastrophic consequential results, some were merely annoyed; some were able to cleanse their PCs, some weren't; some read the pseudo-disclosure, some didn't.

I'm not saying it's impossible. On the brink of a class certification hearing, Toshiba, for instance, agreed to pay a purported $3 billion in cash, coupons, and other consideration to settle a recent class action suit in federal court in Beaumont based on alleged flaws in its floppy disk drive controllers. The real value was probably less than that, but Toshiba still took a $2 billion write-down on its books. (The legal fees in that case, paid in cash over a couple of years, were on the order of 20x greater than your hypothetical, by the way, and exactly none of them went to me, although I was monitoring the case for another computer manufacturer facing similar claims.) But that was an exceptional case.

My purpose in making this post, frankly, is to bring pressure through what I perceive as a promising route — exposing, and shaming, responsible corporate citizens whose active cooperation is enabling companies like Cool Savings. We'll see, I suppose, whether I can get the attention of anyone upstream from the brazen and unrepentent "Sharon."

(13) Phelps made the following comment | Sep 18, 2005 5:57:22 PM | Permalink

I would also dispute that it is in fact not a trojan. I'm pretty sure that would be a fact question, and you could muster up an entire army of experts that would testify that it is.

Ten years ago, in 1995, it would have been difficult to bring this case to a jury and win (since so many didn't have computers and so very, very few were connected to any sort of network.) Now, we live in a different world.

(14) James B. Shearer made the following comment | Sep 18, 2005 6:29:39 PM | Permalink

Beldar, regarding the Toshiba case, I am under the impresssion that the alleged flaw in question was a theoretical possibility which had not been shown to have actually occurred even once much less caused any significant damage. And that Toshiba settled for a ridiculous amount because they did not share your faith in Texas juries, fearing in particular that a Japanese company would have little chance in a Texas court. Any comment? Was justice done in this case?

(15) Attila (Pillage Idiot) made the following comment | Sep 19, 2005 5:03:48 PM | Permalink

I feel your pain -- about the ad-ware, that is.

About the flatulence, I have two bits of advice: 1. Blame it on the dog. 2. Revel in it.

Best of luck to you.

(16) Michael T made the following comment | Sep 19, 2005 7:43:23 PM | Permalink

In terms of the flatulence, when I switched to a high-fiber diet, I too had some flatulence and cramps. I read somewhere that drinking lots of water would help and it has indeed. I generally drink 4-5 8oz glasses each morning. Lots of bathroom breaks but the dog doesn't have to worry about false accusations. ;)

(17) Spider made the following comment | Sep 29, 2005 11:02:08 PM | Permalink

It was most likely a decision Publicis Dialog, a multinational marketing/PR company, not GSK's people themselves, who made this decision. Publicis Dialog produced the web site for them.


(18) Carl Pham made the following comment | Oct 18, 2005 1:28:22 PM | Permalink

Christ, Beldar, you want that a Vice-President of GSK should personally vet each and every decision made by low-level twentysomething marketing suits? Or just those that pertain to you?

They do have a company to run, you know. Drugs to discover, that kind of thing. Exactly how much more are you willing to pay for your drugs so that the behemoth that is GSK never makes a doofoid corporate decision (out of the 6000 they have to make every day) that stupidly lends the company's prestige to a small-time sh*thead operator? Your main problem here seems to be GSK lending its name and respectability to an operation that in other circumstances you would treat with the same caution you'd give a buzzing rattlesnake. You've admitted you were told about the nasty pop-up ware before you installed it yourself, albeit in a sneaky way that would cause a lazy person's (e.g. your) eyes to glaze over and your overloaded brain to just order your finger to push all the "I Accept" buttons without thinking too hard. You have admitted that part of the blame rests with your own less than stellar credentials to be operating a host on the vast public information superhighway. You do still subscribe to the notion that caveat emptor is preferable to the nanny state, don't you?

So just suck it up and consider it a cheap lesson in the dangers of trusting a brand name (GSK) outside of its area of competence (pharmaceuticals). You've told the company politely but firmly you think this is a dumbass decision. Go ahead an encourage others to do so, too. But the angry legal bluster sounds a bit whiny to be coming from a grown Texan.

(19) Beldar made the following comment | Oct 18, 2005 7:34:55 PM | Permalink

Mr. Pham, your comment is on the outer boundary of what I consider civil. But it's also badly wrong.

GSK's own policies require all of its employees — from the CEO down to the guy pushing the mail room cart — to follow ethical business practices. It is not unreasonable to ask them to follow those policies, nor unreasonable to point out to the public when they've deviated from them.

If we free drug companies from their ethical and legal obligations to avoid deliberately infecting consumers' computers with malware, I don't believe it's likely to translate into savings at the pharmacy.

Holding tortfeasors responsible for their fraud and for the damage they inflict on consumers' computers is not an aspect of the "nanny state."

Your post boils down to: "You're stupid, Beldar, so it doesn't matter if they're doing something wicked." I certainly reject the second part, and the mode of argument, and I will as always leave it to my readers to decide about the first for themselves.

Spider, you may be quite right about how the initial decision was made and who made it. But if so, it was made pursuant to their delegated permission, and they're responsible; moreover, GSK appears to be sticking behind it.

(20) Ed made the following comment | Nov 3, 2005 10:40:11 PM | Permalink

There is an interesting discovery of some badly written malware. This Malware is part of the Digital Rights Management software installed by a Sony music CD http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

The Sony CD software hooks Windows to hide its files (and any other file starting with $sys$) and registry entries like a Trojan or Virus. The Malware consumes between 1% and 2% of the CPU (even when the CD is not present).
Sony does not tell the user that he/she is modifying the operating system of the computer and not simply installing a music player application.
Sony provided no mechanism for removal of the software. Manual removal requires far greater than average technical knowledge of Windows.

(The Malware was written by better programmers it would have been far harder to detect.)

Sony has partially responded with a patch which makes the files visible and if one begs for it they have promised to send a removal tool. http://seattlepi.nwsource.com/business/1700AP_Sony_Copy_Protection.html

The investigation of this apparent infection of the computer included disassembly and reverse engineering. The software was installed by the Sony CD. The Sony CD has an End User License agreement (shrink wrap license).
The EULA Article 3 (d) states "You may not decompile, reverse engineer or disassemble any of the LICENSED MATERIALS, in whole or in part." Was this discovery process a violation of the Digital Millennium Copyright Act?

The DMCA also prohibits tampering or removal of Digital Rights Management software (c.f. Title 12 USC Section 1201(a), specifically (1)(A) and (3)(A) where (1)(A) prohibits tampering and (3)(A) defines removal of the software as tampering). Does this really make the removal of this kind of software a violation?

(21) Samuel Bartrim made the following comment | Dec 4, 2005 9:08:10 PM | Permalink

Very interesting. keep the good work! Compute Round is very good Girl: http://harrypotter.warnerbros.com/ , Astonishing Cards is always Astonishing Table International Game becomes Bad Cards in final , to Hope TV you should be very Coolblooded Make Increase Double - that is all that Chips is capable of

(22) JP made the following comment | Jun 11, 2006 12:56:24 PM | Permalink

I tried in vain to install Cool Savings Coupon Manager. At first I just thought it was my pop-up blocker. Then I was prompted by Cool Savings to close my Microsoft antispyware program. Then I had to reconfigure my SpyBlaster. After disarming a few more security programs, I decided this program must be seriously dangerous to my computer.

I know that realization may have come a bit slowly, but I had read the disclaimer you mentioned in your article, "It is not a trojan, virus..."

It's hard to believe the amount of "respected" companies that use this disgusting service to distribute their coupons. I can only assume that they know about this, and if they don't, they should.

Thank goodness for good spyware programs that protect me even when I'm being stupid.

(23) Marla Davis made the following comment | Oct 4, 2006 2:40:52 AM | Permalink

I've had problems with Coolsavings for a few years now. Not only do they cause problems in the security area, but I see their receiving advertising money, then promoting the coupons on their site with a non-functioning coupon printing site as false advertising. It reminds me almost of a company that has public "fake" sites to launder money so to speak. They have so many victims: the many Internet companies they charge advertising money for the coupons they claim to provide to consumers but don't, as well as all the consumers who waste hundreds of hours of time and money not receiving the benefits Coolsavings promises all over the Internet. It's just plain wrong and it's troubling every time I see their name on sites. It also hurts the business of valid, working, reputable coupon sites. How unAmerican that whole set up is. You'll see complaints about the inability to print simple coupons at Coolsavings for the last three years all over the Internet, not including probably the millions of people that it happens to, but don't report it. Something serious needs to be done in this area to support and protect consumers.

The comments to this entry are closed.