Malware


Malware & Privacy | 21 Nov 2005 02:16 pm

Check out my column for this month at eSecurity Planet. Here’s a sample:

It’s important to remember that plenty of good companies make mistakes. But in my book, what sets a good company apart from a bad one is how they react when their mistakes are discovered.

When interviewed on the radio, the president of Sony BMG’s Global Digital Business, Thomas Hesse, said, “Most people, I think, don’t even know what a rootkit is, so why should they care about it?”

Note to Mr. Hesse: “Who cares?” is seldom a good response.

I’m betting that Mr. Hesse didn’t know what a rootkit was before this issue arose, and from the tone of his comments, you can be sure he still doesn’t understand the consequences of it. Unfortunately for him, the gross tonnage of what he doesn’t understand about how his company screwed up only now is coming to light.

Enjoy!

Malware | 20 Sep 2005 02:34 pm

I am an avid user of Instant Messaging (IM), using it to keep in touch with business colleagues, friends, and family around the world.

Because I have friends scattered among the three major services — AOL Instant Messenger (AIM), MSN Messenger, and Yahoo! Messenger — I have accounts on all three. But AOL’s history of intrusive and annoying advertising practices has ensured that I won’t touch the AIM client software.

My grudge against the AIM software began a few years ago while I was in the middle of several months of radio interviews promoting one of my books, Fighting Spam for Dummies. (Speaking of intrusive advertising, you can pick up my book at your favorite online retailer!)

One particular morning, I had arisen around 3 a.m. PST to do a morning drive-time interview on a major East Coast market radio station. Shuffling to my desk in my bunny slippers and bathrobe, I fired up my computer so I would have my notes handy during the interview, and then I made the call into the radio station.

The interview started well, but just a few moments into it, my computer began to loudly play what sounded like a commercial for an action movie. The sounds of martial arts music and exploding bad guys were being blared over my phone to thousands of the radio station’s listeners, drowning out my own voice.

Panicking, I quickly tried to stop whatever was playing on my computer, but I couldn’t find it! In my haste to make the noise stop, I wound up unplugging my computer. That stopped the racket, but the damage was already done: The radio host thought I was nuts, I was flustered and struggling to pick up where I’d left off, and the 90-second segment was almost over.

In the aftermath, it took me quite a while but I managed to track down the source of the disaster: AIM.

To read more, go to my article AIM: Getting More than You Bargained For at eSecurityPlanet.com.

Law & Malware | 03 Aug 2005 07:40 pm

CNet reports that America Online’s Advertising.com subsidiary has reached a settlement with the Federal Trade Commission on charges that the company had distributed an anti-spyware program that actually contained adware bundled with it, and that the company had failed to adequately notify consumers about the hypocrisy.

According to the report:

Advertising.com, also known as Teknosurf.com, promoted its SpyBlast program as a way to protect users’ computers from “hackers,” the FTC charged. But those who downloaded the product also installed a separate program that monitored their online behavior and served them pop-up ads.

As is usually the case with these sorts of settlements, the company admitted no wrongdoing, but promised not to do it again. The company will also submit to FTC oversight of its behavior, which could subject them to substantial fines if the company is caught engaging in deceptive or unfair practices in future.

You can read the FTC’s press release here, and the settlement agreement here.

Malware & Spam | 18 Jul 2005 02:41 pm

Pulling together two of my recent blog postings, my monthly article for eSecurity Planet discusses recent moves by Microsoft that raise some significant questions about their efforts to promote trustworthiness and authentication in computing.

Malware | 11 Jul 2005 12:34 pm

As Microsoft continues to make doe-eyes towards the malware impresarios at Claria, the PR flacks are practicing their Tae-Bo moves in contorting themselves to explain why MS’s anti-spyware utility no longer recommends removal of Claria’s garbage.

According to a CNet article today, MS has issued a public statement to explain why it’s given Claria’s malware the kid-gloves treatment. According to the statement:

We also decided that adjustments should be made to the classification of Claria software in order to be fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors.

So there you have it… you can count on Microsoft’s anti-spyware utility to recommend that you “ignore” unwanted software by any vendor whose reputation is as bad as Claria’s.

As Microsoft puts it:

Microsoft is committed to helping protect our customers from spyware and other unwanted software by providing guidance and technology solutions. We firmly believe that people should have complete control over what runs on their computers.

Except when they’re interested in buying the company whose software has seized control of your computer, apparently.
