Spyware exists for a single reason — to make money for someone. To you, popup blizzards are incredible annoyances. To others, it’s like the sweet ka-ching of cash registers. So if you want to find out who’s abetting spyware, you should, as Woodward and Bernstein said during their investigation of the Watergate break-in, “Follow the money.”

Now someone has. And he’s followed it to a very surprising destination — to the much-loved search site Google.

I’m not saying that Google consciously abets spyware. But as you’ll see, the company isn’t doing all it should to police its ad payouts — and that may help spyware authors.

Ben Edelman is a Harvard-based researcher, and probably the top authority on the planet when it comes to investigating the seamy financial side of spyware. Edelman notes that spyware often delivers ads given to it by ad intermediaries. Spyware authors are paid by the intermediaries for each click. And the intermediaries in turn are paid by a site for each click. Kill that money chain, and you kill a good deal of spyware.

So what does this have to do with Google? Plenty, at least according to Edelman. Google has an ad program called AdSense. Edelman analyzed the ads delivered by a company called 180solutions that is considered by many spyware, and that delivers unwanted popup ads. His findings : “Pay-per-click advertisers pay Google to show their ads on Google’s AdSense partner sites. Some AdSense members then pay 180 to show the members’ sites via 180solutions popups” — in other word, via spyware.

He continues, “I tabulated the advertising intermediaries behind 180solutions’ 88,000+ current ads. I find that more than 4,600 of 180’s ads include embedded Google ads, while thousands of other ads pass through major ad networks and tracking services like aQuantive and DoubleClick.”

In all, he says, more than five percent of 180’s ads “include Google AdSense ads, making Google the most prevalent source of funding for web sites advertising with 180solutions.”

Not Google’s fault, you say? Well, yes and no. Google foresaw that its AdSense program might be used by spyware, and so specifically prohibits its use in that way. But it hasn’t taken action to stop it. And so the popup blizzards continue.

I’m a big fan of all things Google, and I don’t think Google knowingly lets this happen. But I hope someone at the company recognizes the contribution it’s making to the spyware scourge and starts policing its AdSense program better. In some small way, at least, that might help solve the spyware problem.

Is Google to blame for spyware? Let me know what you think.

Microsoft released the final version of Windows Desktop Search (previously called MSN Desktop Search), just in time for me to give it up.

I wrote a while back that it beats Google Desktop, hands-down. It still does. Google thinks of your hard disk as if it’s the Web, while Windows Desktop Search thinks of it as what it is, a hard disk, and so gives you many more searching options.

But as an article in WindowsDevCenter by Jake Ludington shows, there’s a search tool that beats Windows Desktop Search at its own game — Copernic Desktop Search.

Like Windows Desktop Search, it recognizes that your hard disk is a hard disk, and so gives you many ways to find the exact file or email you’re looking for. It can also search mapped network drives. The interface is much cleaner and easier to use than Windows Desktop Search. And the deciding factor, for me, is that unlike Windows Desktop Search, it’s not a resource hog. You won’t even notice it’s there.

That being said, it’s not perfect. It won’t search through OneNote, something I hope will be fixed eventually. And it leaves out some of Windows Desktop Search’s niftier features, but only a few of them. But those are small prices to pay.

So for now, at least, Copernic is the one I use. How about you? Let me know your favorites.

Tell me which desktop search tool you use most.

Another day, another Firefox vulnerability.

Ho hum. It’s starting to feel old hat.

But the way that Firefox has responded to the latest threat (and previous threats) has given those in charge of the browser a black eye.

First, consider the newest vulnerability. This time around, it’s serious — “extremely critical” because the flaw in Firefox and Mozilla could allow malicious code to be executed on someone’s machine when they visit a Web site. As I write this, there’s no complete fix, but Mozilla is working on the problem.

In the meantime, you can protect yourself by disabling JavaScript by choosing Tools–>Options–>Web Features, and unchecking the box next to “Enable JavaScript”. You should also disable Firefox’s software installation feature by going to the same screen and unchecking the box next to “Allow web sites to install software”. When you’re done, click OK.

The problem here is that if you visit the Firefox front page, you’ll find not a single word about the vulnerability. No warning. No explanation of the security issue. No details on how to protect yourself. Nothing. If you want to find out about it, you’ll have to dig very deep on the Mozilla site to find the security advisory.

This just isn’t good enough. Security holes are the price of success — there will be more of them. But the Firefox team has to start fessing up publicly on its own Web site when there’s a vulnerability, and give people instructions on how to protect themselves.

What do you think about the way Firefox developers respond to security threats?

Sometimes you just want to forget about the big issues of the day and complain about one of those little things about life at the keyboard that drives you nearly half-insane.

This is one of those times. So bear with me.

Why is it that it takes my XP machine half an eternity to shut down? Click the Start button, click Turn Off Computer, and Click Turn Off. Then wait half a year.

Is it too much to ask to have it actually shut down within fifteen or twenty seconds? Is it too much to ask that it shut down without spewing half a dozen error messages alerting me that this or that program or process doesn’t seem to want to give up the ghost?

Is it too much to ask to actually have it shut down at all, in fact? Half the time, it seems, it won’t shut down, and so I have to resort to pressing the computer’s On/Off button. And then sometimes event that doesn’t work, and I have to unplug the power cord to shut it off.

Microsoft has promised that Longhorn will fix these shutdown and startup problems. Sure it will. It’ll also solve world hunger, usher in a millennium of world peace, and answer the eternal question posed by Holden Caulfield in The Catcher in the Rye — where do the ducks in New York’s Central Park go in the winter time?

In other words, don’t hold your breath.

Ah, that feels better, now that I’ve got it off my chest.

Do you have any similar cranky complaints about the little things in Windows that drive you crazy? If so, talk back to me, below.

What drives you around the bend about Windows? Get it off your chest and let the world know. You’ll feel better for it.

Related link: http://www.LibertyAssociates.com

I’m pleased to announce that O’Reilly has released two new books I’ve written on C# 2.0

Visual C# 2.0: A Developer’s Notebook is targeted directly at the experienced C# programmer who wants to make the transitition to 2.0. It is comprised of five chapters, C#, Visual Studio, Windows Apps, Web Apps and Data.

Each chapter focuses on what is new, with a series of labs to illustrate each feature.

Programming C# 4th Edition is a fully updated new edition of the international best seller recommended by Amazon, B&N, and many user groups and news groups. This book assumes no prior C# experience, but is focused on 2.0 rather than 1.1.

For each of these books you can read a sample chapter, get the source code, find related material and join a support discussion group at my web site: http://www.LibertyAssociates.com — click on books.

Thanks!

-j