July 11, 2005 9:00 PM PDT
Group delivers definition of spyware
The group, made up of makers of anti-spyware software, will release a proposed definition of spyware and a common lexicon, said Ari Schwartz, an associate director at the Center for Democracy and Technology, which has led the work of the group. Various consumer and industry organizations helped in the effort, he said.
"Any unified approach to the spyware problem is going to require a common definition of what the problem is," Schwartz said. "One of the biggest challenges we have had with spyware has been agreeing on what it is."
Spyware and adware have become a major headache for computer users over the past years. Still, purveyors of the software defend the programs as legitimate marketing tools and take issue with anti-spyware makers when their product is flagged and removed. The coalition's goal is to draw clear lines, ultimately to help consumers keep their PCs clean.
The coalition defines spyware narrowly as software that gathers information about the user and is installed without adequate user notice, consent or control. The definition would mark as spyware any programs that are downloaded and installed surreptitiously or that track what Web sites people visit, for example.
An expanded definition also includes other potentially malicious programs, such as software that provides backdoors for hackers or serves up ads on the user's screen.
In that definition, spyware and other potentially unwanted technologies are described as those that "impair users' control over: material changes that affect their user experience, privacy, or system security; use of their system resources, including what programs are installed on their computers; or collection, use, and distribution of their personal or otherwise sensitive information."
The group has also drafted procedures for dealing with software makers who believe their product has been unfairly flagged as spyware.
Could it backfire?
Critics fear that spyware makers stand to gain most from the coalition's work. It may give them the tools to prevent their software from being flagged and removed by anti-spyware products, said Ben Edelman, a Harvard law student and an adware and spyware researcher.
"The entities most urgently calling for uniform standards are those who make applications often labeled as spyware or adware," he said. "They hope to get a single definition that they can then manage to escape."
Internet users know what software they don't like, and anti-spyware makers should build their products based on that, Edelman said. "There's substantial benefit to letting anti-spyware vendors compete to best match users' desires and preferences," he said.
Both spyware and adware can sap computing power. They're often surreptitiously installed on computers to gather information about people that is used for advertising or provided to other interested parties. The market for tools to remove the unwanted software is booming.
There have been cases where a definition of spyware and dispute policies could have helped anti-spyware software makers set up a stable blacklist. Computer Associates International earlier this year temporarily removed the Gator adware program from the spyware detected by its PestPatrol program after the maker of the software complained. The program has since been put back on CA's list of spyware.
In another example, Microsoft is facing heat over its recent decision to downgrade the threat level for the same adware, now known as Claria. The beta version of Microsoft AntiSpyware previously recommended that users quarantine several products from Claria. The Microsoft product still detects the Claria software, but no longer recommends removal.
The public can comment on the Anti-Spyware Coalition's draft definition until Aug. 12, after which the group plans to incorporate the best recommendations in the final version. Members have said they will incorporate the work in their products, Schwartz said.
The efforts by the Anti-Spyware Coalition come months after the collapse of the Consortium of Anti-Spyware Technology vendors, or Coast, which had many of the same goals. Coast fell apart after it admitted a company suspected of making adware, prompting the departure of several key anti-spyware members.
Anti-Spyware Coalition members who make spyware-fighting software include: Aluria, America Online, Computer Associates, EarthLink, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Tenebril, Trend Micro and Webroot Software. The coalition is supported by the Canadian Internet Policy and Public Interest Clinic, Consumer's Union and other organizations.
3 commentsJoin the conversation! Add your comment