Group pitches anti-spyware guidelines

The Anti-Spyware Coalition offered up standard guidelines on Thursday for detecting, rating and protecting against unwelcome programs that have plagued Internet users in recent years.

The group, composed of software companies and consumer advocates, also finalized its definition of spyware, veering little from the version it proposed in July.

The coalition defines spyware and other potentially unwanted technologies as programs deployed without sufficient user consent or impair user control over any of the following: privacy, system security and user experience; use of their system resources; or collection, use and distribution of personal information.

Spyware and adware have become widely despised for sneaky distribution tactics, unauthorized data gathering, the eating-up of computer processing power and other annoyances. Although adware makers say there are legitimate uses for their programs, an entire anti-spyware market has been spawned to combat the stuff.

Yet attempts to define spyware and create guidelines are also controversial. Critics fear spyware makers will use the guidelines to avoid getting caught by blocking tools, but will find ways to continue bad behaviors.

The Anti-Spyware Coalition acknowledged the concern in one of the documents it published on Thursday. "This is a valid concern that ASC discussed in detail," the group said in a document summarizing public comments it had received. "However, it is ASC's contention that the current 'Definitions' has been written with the problem in mind and leaves plenty of room for individual anti-spyware software companies to decide what fits their criteria for detection."

In its proposed spyware detection guidelines, the group said anti-spyware companies should focus on how the programs in question behave and rate them on risk. Among the behaviors the group considers high-risk are programs that replicate themselves via mass e-mails, worms, viruses and those that install themselves without a user's permission or knowledge, via a security exploit, for example.

Other high-risk programs are those that intercept e-mail or instant messages without user consent, transmit personally identifiable data, or change security settings. Using tracking cookies to collect information or running programs automatically without explicit user consent are considered low risk, according the guidelines.

The Anti-Spyware Coalition is collecting public comment on the document until Nov. 27 and plans to release a final version next year. The group said it expects the guidelines to set the stage for "best practices" for the anti-spyware industry.

[markdoiron]

The Reason Spyware is So Bad . . .

... is because spyware authors don't sit around talking about how to define it for months on end. spyware authors are going to continue to prevail in new and highly creative ways until the industry stops struggling with a definition and starts writing code that doesn't allow it. thank God we have ad-aware and spybot, and the "not-so-industry" individuals who generously devote their time to keeping those programs current!

mark d.

[Roman12]

Spyware is a BIG problem.

Good to know someone is actually doing something about spyware. I think more attention should be focused towards spyware because it affects too many computer users, and that's a lot of affected people. And many of which, are unaware of such threat. For the most part it's evolving and becoming worse faster then the anti-spyware market.
__________________________________
R.K.
<a class="jive-link-external" href="http://www.Remove-All-Spyware.com/" target="_newWindow">http://www.Remove-All-Spyware.com/</a>

[i_made_this]

the prevalance of spyware is due to

the prevalance of advertising servers and a dominant browser configured for convenience and not security.
let's hope that IE 7 changes the latter problem. I don't foresee an easy solution to the former problem as long as the "software industry" to which the article refers is strongly supportive of ad servers.

[ajbright]

White List

What puzzles me is why we still use the model of allowing everything on our computers to run, except that contained in an ever growing list of spyware and viruses. Basically we use a system of black listing bad things.

Surely it would be easier to design a system that allowed nothing to run, except that which we define as ok.

Even with the best antivirus and antispyware software, it's impossible to keep track of everything out there, with hundreds of new pieces of malware appearing every day. The size of antivirus definitions as well as antispyware definitions must be in the tens of thousands, it's an impossible task to track it all.

Instead we could easily keep track of the few hundred legitimate applications our computers need to use, adding new software to the white list as we install it. In fact antivirus companies could define white list definition files with the most common applications and windows modules being used, updating them quarterly instead of weekly, and leaving us to add our own entries on the odd occasion when we get something new that hasn't been entered.

I think until we adopt this method of controlling the software our computers run, we will never be certain of keeping any computer spyware free.

Imagine the benefits for businesses, which would only need a new white list definition file when they decide to update their users computers with new software - usually a once in three year activity - so as long as the white list was correct when the computer is issued to an employee, except under extraordinary conditions, you'd never need to be concerned about patching a computer again.

Okay so I'm sure someone can knock a dozen holes in this theory, but it ought to be obvious to anyone by now that the current situation is unsustainable.

Eventually, with ever growing malware definition files, we'll end up with systems more crippled by the resources needed to protect our computers than we would if we let the odd virus in. It's obviously not working, if it was then every time a new worm appears we wouldn't be caught short like we currently are.

[Muddleme]

How do you white list it?

The Genie is out of the bottle.
Anyone interested in messing with others needs to study JAVA, ActiveX, DCOM, JET, yada, yada. They don't even really need to know how to use them, they need to know how to abuse them. I know relatively nothing about JAVA, yet I can crash your browser and sometimes your OS using code that makes no sense to anyone including myself.
Unless a computer which is not on a local network is barred from running any code other than HTML your pissing in the wind. Oh' what a wonderfull world that would be. Hell, this site doesn't work unless you allow potentially harmful code to run. I have to add it to my trusted sites then allow it access through my firewall, all the while trusting people I don't know and have never met.