July 11, 2005 9:00 PM PDT

Group delivers definition of spyware

The nascent Anti-Spyware Coalition plans to publish on Tuesday the first results of its work aimed at bolstering the fight against spyware.

The group, made up of makers of anti-spyware software, will release a proposed definition of spyware and a common lexicon, said Ari Schwartz, an associate director at the Center for Democracy and Technology, which has led the work of the group. Various consumer and industry organizations helped in the effort, he said.

"Any unified approach to the spyware problem is going to require a common definition of what the problem is," Schwartz said. "One of the biggest challenges we have had with spyware has been agreeing on what it is."

The creation of the Anti-Spyware Coalition was first reported by CNET News.com, last month.

Spyware and adware have become a major headache for computer users over the past years. Still, purveyors of the software defend the programs as legitimate marketing tools and take issue with anti-spyware makers when their product is flagged and removed. The coalition's goal is to draw clear lines, ultimately to help consumers keep their PCs clean.

The coalition defines spyware narrowly as software that gathers information about the user and is installed without adequate user notice, consent or control. The definition would mark as spyware any programs that are downloaded and installed surreptitiously or that track what Web sites people visit, for example.

An expanded definition also includes other potentially malicious programs, such as software that provides backdoors for hackers or serves up ads on the user's screen.

In that definition, spyware and other potentially unwanted technologies are described as those that "impair users' control over: material changes that affect their user experience, privacy, or system security; use of their system resources, including what programs are installed on their computers; or collection, use, and distribution of their personal or otherwise sensitive information."

The group has also drafted procedures for dealing with software makers who believe their product has been unfairly flagged as spyware.

Could it backfire?
Critics fear that spyware makers stand to gain most from the coalition's work. It may give them the tools to prevent their software from being flagged and removed by anti-spyware products, said Ben Edelman, a Harvard law student and an adware and spyware researcher.

"The entities most urgently calling for uniform standards are those who make applications often labeled as spyware or adware," he said. "They hope to get a single definition that they can then manage to escape."

Internet users know what software they don't like, and anti-spyware makers should build their products based on that, Edelman said. "There's substantial benefit to letting anti-spyware vendors compete to best match users' desires and preferences," he said.

Both spyware and adware can sap computing power. They're often surreptitiously installed on computers to gather information about people that is used for advertising or provided to other interested parties. The market for tools to remove the unwanted software is booming.

There have been cases where a definition of spyware and dispute policies could have helped anti-spyware software makers set up a stable blacklist. Computer Associates International earlier this year temporarily removed the Gator adware program from the spyware detected by its PestPatrol program after the maker of the software complained. The program has since been put back on CA's list of spyware.

In another example, Microsoft is facing heat over its recent decision to downgrade the threat level for the same adware, now known as Claria. The beta version of Microsoft AntiSpyware previously recommended that users quarantine several products from Claria. The Microsoft product still detects the Claria software, but no longer recommends removal.

The public can comment on the Anti-Spyware Coalition's draft definition until Aug. 12, after which the group plans to incorporate the best recommendations in the final version. Members have said they will incorporate the work in their products, Schwartz said.

The efforts by the Anti-Spyware Coalition come months after the collapse of the Consortium of Anti-Spyware Technology vendors, or Coast, which had many of the same goals. Coast fell apart after it admitted a company suspected of making adware, prompting the departure of several key anti-spyware members.

Anti-Spyware Coalition members who make spyware-fighting software include: Aluria, America Online, Computer Associates, EarthLink, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Tenebril, Trend Micro and Webroot Software. The coalition is supported by the Canadian Internet Policy and Public Interest Clinic, Consumer's Union and other organizations.


Join the conversation!
Add your comment
Define spyware - it's easy.
It's anything that is placed onto a computer for use by a third party to track the use of that computer and report it to another person.

These programs are as proper as a third party tapping a telephone to see who is being called by the subscriber. Placing programs onto the computer of another for the gain of another person or business is tantamount to theft. Marketers and the Federal Fair Trade Commission seem to forget that the individual computers are private property of the owner.

I think it is great that someone is finally stepping up and declaring what is a gross infirngement upon personal privacy.

I agree that a program that suddenly activates and takes control of a computer in such a way it denies the user the ability to use the computer until that program gets finished is also unwanted. One way to foil this operation is to identify the villain and use your security software to block it's ability to access the net.
Gerry Eberwein
Posted by GEBERWEIN (75 comments )
Reply Link Flag
Choosing a name is a red herring
Adware, spyware, scumware, sneakware (my preference)...if the user doesn't knowingly install it, doesn't want it or it's difficult/impossible to remove then it is a legitimate target.

The mess sneakware leaves behind puts the lie to anything the sneakwarers say publicly about ethical practices, clean uninstalls, etc. The bottom line is that they will hang on via any means possible. They've got their foot in the door and it won't be closing any time soon.

This is why open source removal tools/companies are so vital (although I use commercial tools also) - the adware types are just baiting the hook waiting for a juicy commercial vendor (let's say CA) to block their scumware - a nice big fat lawsuit will follow and the adware firm will pocket tens of millions in a settlement and go play golf. It beats trying to eke out a living on $.0001 per click-through.
Posted by relictele (5 comments )
Reply Link Flag
Do we really need a definition, people? Use your intuition.

Besides, the ones offered give too much leeway. "Without adequate knowledge"... can turn into a decade-long court battle over what's considered "adequate knowledge", and face it, sometimes people know what they're installing but they do it anyway for the free porn.

We should just legally call everything spyware so there won't be any loopholes those bastages can crawl through.
Posted by Karios Kasra (62 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.