February 10, 2006 12:19 PM PST

Spyware fight attracts a crowd

WASHINGTON--Four groups have sprung up to fight the insidious software that pops up ads on screens or spies on PC users. Is that too much of a good thing?

Last month, the number of efforts to fight adware and spyware doubled with the announcement of two new initiatives: Spywaretesting.org, a consortium of antivirus companies, and StopBadware.org, an initiative led by two universities. These join the Trusted Download Program and the Anti-Spyware Coalition, both formed last year.

The new initiatives were the hot hallway topic outside an event hosted by the Anti-Spyware Coalition here Thursday. People there disagreed on whether more is merrier. Some predict the efforts will collide, as each group is dedicated to helping consumers deal with the insidious software. Others say the peer pressure will keep each organization on its toes, helping the cause.

News.context

What's new:
Launch of two new anti-spyware groups mean there are now four industry initiatives to fight software that pops up ads on screens or spies on PC users.

Bottom line:
Industry members are divided on whether the presence of several efforts will backfire on consumers. Some say the initiatives will collide, others that they will end up collaborating.

For more info:
More on spyware initiatives

"To many of us, it is completely baffling why there are so many different groups out there," said Alex Eckelberry, president of Sunbelt Software, a maker of anti-spyware tools. Sunbelt has not joined any of the efforts in order to maintain its independence, he said.

According to a Pew Internet & American Life Project study published last year, roughly 59 million American adults have spyware or adware on their computers. Other experts have said as many as 80 percent of consumers' PCs are infected with the annoying software.

Eric Allred, who works at Anti-Spyware Coalition member Microsoft as an anti-spyware response coordinator, said the existence of several bodies could make the work of each group less effective. That could hurt their overall goal of protecting consumers, he said.

But more voices can only help, said David Fewer, a staff counsel at the Canadian Internet Policy and Public Interest Clinic, a consumer advocacy group in Ottawa associated with the Anti-Spyware Coalition. "More consumer education is a good thing, especially if these groups have consistent messaging, which I think they do," he said.

Each of the four groups appears to be dedicated to a distinct purpose, said Tori Case, director of security management at Computer Associates International. Though the goals of each group sometimes overlap, that spread should help stop them stepping on each other's toes.

"That provides focus," she said. "You risk losing focus and (having) conflict of interest in a large organization."

Who's doing what
The Anti-Spyware Coalition only got going in June last year, but is still the oldest group dealing with adware and spyware. It is focusing on coming up with a definition of spyware, to help draw a line between legitimate adware and intrusive downloads. In January, it published guidelines for identifying and combating spyware. It also issued tips for makers of anti-spyware tools to help them deal with companies that complain their software has been inappropriately flagged.

Picking a fight

The four industry groups working to combat spyware and adware are taking different tacks, though their efforts do sometimes overlap.

Anti-Spyware Coalition
Set up in mid-2005. The group is working on a definition of spyware, a common lexicon and an appeals process for those who contest that their software is not adware or spyware. Members include Microsoft, Symantec, Computer Associates, McAfee, AOL and Yahoo. CNET Download.com, a sister site of News.com, is also signed up.

Trusted Download Program
Launched in November, the program promises to use certification to guarantee an application does only what it says. It's backed by America Online, Yahoo, CNET Networks, Verizon and Computer Associates.

StopBadware.org
A more community-focused effort that aims to publish a blacklist of companies and software judged to be the worst offenders. Solicits stories and reports of offending downloads from Net users. Has support from Google, PC maker Lenovo and Sun Microsystems.

Spywaretesting.org
An initiative launched last month by a consortium of antivirus companies. It plans to draft standards for spyware samples and testing, help consumers determine the risks posed by new software and the effectiveness of anti-spyware products. The members are McAfee, Symantec, Trend Micro, ICSA Labs and Thompson Cyber Security Labs.

The formation of the group came just months after the collapse of the Consortium of Anti-Spyware Technology vendors, or Coast, which had many of the same goals. Coast fell apart after it allowed a company suspected of making adware to join, a decision that prompted the departure of several key members.

In November, the Trusted Download Program made its debut. The stated aim of the organization is to certify software downloads that are friendly and noninvasive. The program is run by privacy watchdog Truste and backed by America Online, Yahoo, CNET Networks, Verizon and Computer Associates. (CNET Networks is the parent of CNET News.com.)

The Trusted Download Program is creating a list of approved applications, which may in fact still display advertising. To be certified, makers of the software have to clearly communicate what their product does. The consumer has to consent to a software download before it begins, and then click again before the installation starts.

Critics have expressed doubts about the Trusted Download Program, saying that it may legitimize adware. They contend that some makers of disputed software may be able to gain certification and use that to expand their distribution.

StopBadware.org is taking the opposite approach. It plans to publish a blacklist of offending software and publicly shame the companies that create such applications. The initiative is run by Harvard University and Oxford University with backing from Google, Sun Microsystems and Lenovo.

On the StopBadware.org Web site, Internet users will be able to check if a piece of software is invasive and alert others to annoying programs they have encountered. The group is trying to tap into the experience of ordinary Internet users, and encourages people to share horror stories and technical reports. It plans to craft its own definitions for this kind of malicious software--a goal that overlaps somewhat with that of the Anti-Spyware Coalition.

"What is spyware? It is not a settled question," said Luis Villa, senior technologist at the Berkman Center for Internet & Society at Harvard Law School. Villa works on the StopBadware.org site. "It is not entirely clear that all the options out there are providing clear standards," he added.

Another area of development is spyware testing guidelines--both StopBadware and the Spywaretesting.org have pledged to come up with these. Spywaretesting.org is an initiative launched last month by antivirus companies McAfee, Symantec and Trend Micro, along with ICSA Labs and Thompson Cyber Security Labs. It plans to draft standards for spyware samples in addition to testing. All the companies involved, except for Thompson, are also members of the Anti-Spyware Coalition.

Though now separate, the groups may one day come together. Villa of StopBadware pointed out that any competition between the groups is friendly, and others noted that the efforts are still in an early, pioneering phase. Truste, which runs the Trusted Download Program, also appears to expect consolidation.

"I think they could all be complementary and get together over time," said Fran Maier, executive director of Truste.

There were some talk of this at the Washington event. Some attendees speculated that the Spywaretesting.org group might become part of the Anti-Spyware Coalition. In addition, a scheduled Friday meeting to discuss Spywaretesting.org's work spurred others into predicting that the organization might pick up more allies.

"Spywaretesting.org has been predominantly driven out of the antivirus industry," Eschelbeck said. "They probably have a need to involve the anti-spyware vendors as well. We're ready."

See more CNET content tagged:
initiative, anti-spyware, Sunbelt Software, margin, adware

11 comments

Join the conversation!
Add your comment
or...
just get a Mac...
Posted by (96 comments )
Reply Link Flag
and suffer in ignorance
See <a class="jive-link-external" href="http://www.foxnews.com/story/0,2933,181602,00.html" target="_newWindow">http://www.foxnews.com/story/0,2933,181602,00.html</a>
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
Mac is not a solution
Just get a MAC? How long do you think that it is going to take before programmers realize that if they write adware to implant in MAC OS programs they can have a monopoly on MAC user's personal data? How often do you check who wrote the code for the free widget you just downloaded?
Posted by eklauber (2 comments )
Link Flag
your hilarious
How Long? Will it happen "soon".... fact is.. it has not happened.
Does not mean it will not... but right now I CAN gloat and
confidently say it is not a threat.
What is untrue about that? Are there OS X viruses? NO... are
there malware problems with OS X... NO&gt;. there is not. Those
are facts.. not suppositions.

There is one thing that you don't realize.. or underestimate
about the Mac "community"... if there was a widespread
problem... there would be a fix for it in a matter of hours.. not
necessarily by Apple... but by one of us "Mac fans"...
We are different.. not lemmings who except abuse.. we expect
more.
We like it that our OS doesn't let programs install with full admin
privileges without our knowledge.... we like knowing that when
we install a program..it asks our permission... and doesn't install
itself within the far corners of our machine.

Using a Windows computer on the internet is like sleeping with a
hooker without a condom. You can't deny it. Windows is swiss
cheese. Microsoft even wants you to pay for security software..
when it is there OS that is faulty! Give me a break! Your all
delusional!
Posted by (96 comments )
Reply Link Flag
AMEN
eom
Posted by Thomas, David (1947 comments )
Link Flag
If that is what you need
Personally I don't need Steve (and his glued together OS) to hold my hand while I use my computers. I have no security problems with Windows at all. People who do are just careless.

Besides, you can set up Windows to do just the same, but few do. I have on a few computers, but only those where my kids have access. If you think MacOS X is good because Steve has taken the best parts of BSD and slapped a price tag on them maybe you should think again who is the lemming.
Posted by Andrew J Glina (1673 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.