Group seeks spyware's defining moment

(continued from previous page)

led to a lot of confusion," Case said. "If we could all agree, that would allow us to focus our energy on (making) better products and actually protecting against this stuff."

At the same time, makers of software judged to be adware or spyware have protested the flagging of their products by anti-spyware companies, to the point of threatened lawsuits. Microsoft, one of the new coalition's members and an anti-spyware tool provider, last week asked the Senate to rewrite anti-spyware legislation to prevent such lawsuits.

Coalition members include the major anti-spyware makers and several industry groups. Some consumer organizations, including the Consumers Union, also participate, Schwartz said.

"This effort is really to try and answer questions about what consumers can do to protect themselves," Schwartz said.

Coast's rocky road

The collapse of the Consortium of Anti-Spyware Technology vendors shows the difficulties facing industry efforts to tackle the problem.

2003: Anti-spyware software providers set up nonprofit Coast, aiming to define spyware and lay down a code of ethics for software distribution.

Dec 2003: Founding member Lavasoft, maker of Ad-Aware, quits, criticizes the group's membership fees and focus on "revenue generation."

January 2005: 180Solutions, an advertising software maker that's drawn widespread criticism in the industry, joins Coast. The consortium downplays 180's membership, saying it plans to help adware developers reform their practices and become certified members.

February 2005: Remaining founding members Webroot Software, Aluria Software and CA walk out.

April 2005: Coast is dissolved.

Source: CNET News.com

If a user has a question about a potential threat, it should be answered in the same way, regardless of which anti-spyware company is involved, he said. "Users should not feel like they get a bureaucratic runaround from different companies," Schwartz said.

Formation of the Anti-Spyware Coalition comes two months after the collapse of the Consortium of Anti-Spyware Technology vendors, or Coast, which had many of the same goals. Coast fell apart after it admitted a company suspected of making adware, prompting the departure of several key anti-spyware members.

Despite similar goals, the coalition is different from Coast, Schwartz said. "Coast seemed to be trying to do too many things and trying to please too many people all at the same time. There seemed to be a lack of clarity as to their mission and who exactly they were serving," he said.

The Anti-Spyware Coalition won't allow members beyond anti-spyware software companies, consumer advocacy groups and distributors of anti-spyware tools such as PC vendors and Internet access providers, Schwartz said. Also, all new members have to be approved by existing members.

The participation of consumer watchdogs is also a key difference, said Richard Stiennon, vice president of threat research at anti-spyware company Webroot.

"At least there is a forum and the industry can't be accused of working blindly. It is extremely good that consumer advocates are part of the consortium because we are aligned with them," he said.

Still, while Webroot is part of the new coalition, Stiennon has doubts about its chances of success, especially in regard to the likelihood of a quick agreement on definitions.

"When you get a bunch of technologists together in a room there are very strongly held opinions on definitions," he said.

[crosstalk]

what is the web site?

how do you contact the new antispyware forum?

[Below Meigh]

don't you have the toolbar for it?

Isn't there an adware popup that directs you to the site?
Or a toolbar in your browser?

(sarcasm)

I find that lavasoft has caved in to HT.exe makers and the likes because they are making $ (just from WHO I wish someone would publish their home addresses) and leveraging with frivalous lawsuits.

popups, spyware, junkware,... its all malicious. IMHO.

So what's there to be confused about?

From the article:

"There is much confusion over what spyware is and what it is not. And it starts with the fact that there is no definition," said Tori Case, director of security management at CA.

If it is tracking in any way shape or form, anything you do on your computer, IT IS SPYWARE.

If it is installed on your computer with out your consent, and by consent, I mean it clearly and specifically reveals it's true purpose during install and gives you the option to accept or deny it, IT IS MALWARE.

If it pops up ads without any interaction or effort on your part, IT IS ADWARE.

This is no different than breaking into someones house or car and installing cameras and microphones so you can monitor them.

[Michael Grogan]

Of course it's obvious

That's why all the noise. The people making the noise have a vested interest in confusing the issue before it gets clarified to the lawmakers. I can just imagine the back room deals that the spyware vendors and the anti-spyware vendors cut in preparation for this effort. Whatever 'definition' they come up with will certainly be narrow enough to allow the spyware vendors to keep on keeping on and leave something for anti-spyware software to purge from our computers on a daily basis. The whole point is to stop lawsuits, not spyware.

[Duncan12b]

Spyware: A Clarification

I think the spyware definition needs some more clarification. You say that anything that tracks you in any way is spyware. But what if you want something that tracks you, like the Google Toolbar? Is that spyware? I say no, it isn't. If you know what it is doing it can't be spying. Spying implies that something covert is going on. It is only spyware if you don't know what it is doing.

Take the example of a video camera for instance. It can track you, so is it spyware? Maybe. It depends on how it is used. If somebody you know comes up to you and asks if they can take your picture, it is not spyware. If somebody hides in a bush and takes your picture without your permission, then it is spyware.

The real issue is informed consent. Tracking software, like the Google Toolbar, has a place in the market and shouldn't be labeled as spyware.

[Michael Grogan]

The definition will never come

Since a proper definition of spyware/adware would facilitate effective legislation and ultimately prosecution of spyware/adware vendors with the possibility of severly curtailing or even stopping the problem it wiil not be defined by this coalition. The reason is simple; the heart of the coalition is software vendors who rely on the continued practice of software/spyware deployment for there business. These companies have a vested interest in the continuing good health of the spyware vendors and are unlikely to cut their own throats businesswise.

[Jonathan]

Call it what it is: A type of virus.

Most spyware now a days tricks you into installing it on your computer and does things to said computer that most users would NOT approve of. People are splitting hairs on what is a virus/worm/trojan/adware/spyware. All of this falls under the name malware and any spyware program can be just as damaging as a virus. We wouldn't be dealing with this issue if spy/adware wasn't being distributed under the guise of a legit business practice. Imagine what would happen if a worm that sends out mass mail spam was classified as a legit business tool and was acceptable because people clicked on the exe in the e-mail so its obviously something they wanted to install right? BS.

spyware

spyware is anything that goes in my computer without my express permission in advance ... also, it is criminal theif, end of story, period.

[GregJameson]

Spyware/Adware are flawed terms anyway

Trying to come up with a definition of "spyware" vs "adware" is a waste of time. The ASC needs to wake up and realize that these terms should be thrown out in favor of a single unified term. Call it something like "trespassware."

If something -- I don't care what it is -- installs itself on my PC, and I did not explicitly authorize it to be there, then it's trespassware and it is illegal. Period, end of story. How difficult is that to figure out?

The best quote on the futility of what the ASC is doing comes from Ben Edelman, spyware researcher: "From the perspective of users whose computers are infected, there is nothing hard about [defining spyware]. If you have adware or spyware on your computer, you want it gone. Maybe the toolbar is Mother Theresa, but it's Mother Theresa sitting in your living room uninvited and you want her gone also. You don't need a committee of 50 smart guys in D.C. sipping ice tea in order to decide that."

Amen.