An internet security nonprofit has designated the two latest versions of the popular RealPlayer as “badware.”
Maxim Weinstein, manager of StopBadware.org, told SCMagazine.com that versions 10.5 and 11 of the cross-platform audio and video player were labelled as badware because they fail to properly disclose certain actions to users.
Users who download RealPlayer 11 automatically receive the Rhapsody Player Engine, an ActiveX control that lets individuals play Rhapsody file formats, Weinstein said. But if users choose to uninstall RealPlayer, the Rhapsody Engine stays on their PC.
“You don't know this,” he said. “You don't think [RealPlayer] installed a second thing that is still sticking around and occupying space on your computer. There's no reason to believe it's a security risk, but anytime you have an extra application on your computer that is just sitting there and not being used or being updated, there's always that potential.”
Ryan Luckin, a spokesman for Real Networks, which produces RealPlayer, said the company plans to allow for a bundled uninstall in the next version of the software. There is no scheduled date for its release.
“We acknowledged that this was a misstep on our part, and we're going to fix that,” he said. “If we installed something, we should be able to uninstall all of it.”
Meanwhile, StopBadware also took issue with RealPlayer version 10.5 because it opts in users by default to receive pop-up advertisements announcing RealPlayer features, Weinstein said. To not receive these messages, individuals must unclick a number of boxes during the install process.
If not, “It starts popping up ads or multimedia content of stuff you can play on RealPlayer,” Weinstein said. “It's somewhat annoying. It pops up fairly often from the system tray.”
Luckin said the problem was fixed in version 11, which asks users to opt in to receive the content, which includes news about offers and the latest movies and music.
“At the end of the day, it's not like we hid the check boxes,” Luckin said, adding that the pop-up content all was related to RealPlayer, not third-party vendors.
“It's not, ‘Blockbuster has movies on sale,'” Luckin said.
Weinstein said users should be wary when they install software such as RealPlayer.
“The message from us really is to be aware of these behaviors if you're thinking of installing the application,” he said. "There's some stuff they're not telling you."
See original article on scmagazineus.com
StopBadware finds RealPlayer serving up more than audio/video
By Dan Kaplan on Feb 5, 2008 10:18AM