Hmmm....... I wonder where the boundaries for antivirus detection actually lie these days?
As far as I know, avast! doesn't target commercial adware. I know some adware programs and Trojans are in the definitions, but these are at the more malicious end of the spectrum- adware which installs without user consent, etc. The problem with adware like whenU is that it may be legal:
http://www.spywareinfo.com/newsletter/archives/0903/9.php#savenowJudge Lee ruled that WhenU was not violating the law because users agreed to install the software and users have the right to run whatever software they please.
http://www.spywareguide.com/product_show.php?id=2376WhenU claims they do not track user data they do not use cookies, track clickstream data ,compile a centralized database of users that they do not engage in any type of user profiling.
Any AV adding such a program to their definitions better have a good legal team if the adware company decides to take legal action.
In the case of WhenU, SpywareGuide has this quote from Ben Edelman:
16. I have reviewed the WhenU privacy policy, and I have concluded that WhenU violates this policy when it transmits to its servers some of the specific URLs viewed by WhenU users. The policy reads, in relevant part, as follows: 'As the user surfs the Internet, URLS visited by the user (i.e. the user's 'clickstream data') are NOT transmitted to WhenU.com or any third party server.'
17. In my examinations, it is true that WhenU software does not transmit to its server all URLs visited by WhenU users. But WhenU software does transmit to its server some URLs visited by WhenU users. Since WhenU's privacy policy seems to promise not to transmit any URLs visited by WhenU users ('URLs are not transmitted'), I consider WhenU's transmissions to be in violation of its privacy policy.
Presumably to justify the inclusion of WhenU in the X-Cleaner definitions. (X-Cleaner is plugged by SpywareGuide.)
The detection of WhenU is therefore added not because it is adware, but because the company does not comply with its own privacy guidelines.
If I was a (relatively small) AV company, I would think twice about adding commercial adware to my definitions on this basis, risking a lawsuit. I don't know if this is how avast! looks at the problem. Maybe someone from the team could comment.
Meanwhile, for avast! users, read the EULA carefully on any software, do a web search before installing, and preferably download only from sites with an anti-spyware policy...