Language Selection

English French German Italian Portuguese Spanish

Little Agreement on Spyware Guidelines

Filed under

Many anti-spyware programs scour computer hard drives for those data-tracking files called cookies that we often get from Web visits. Microsoft Corp.'s tool does not. And there are disputes aplenty about whether certain widely used advertising programs circulating on the Internet are clean of spyware.

No surprise, then, that there's little agreement on what should be considered spyware, and what adware is exactly. Or on whether adware, which delivers ads, is a form of spyware or a breed apart.

Consumers are confounded. Is their computer-cleaning overzealous or not thorough enough? Are they removing useful programs with the dreck?

No less vexed are makers of anti-spyware software. They're beset by legal headaches, constantly challenged for what their products define and target as malware.

"It certainly distracts us from the job at hand," said David Moll, chief executive of Webroot Software Inc.

Help may be on the way. Led by the tech-advocacy group Center for Democracy and Technology, the anti-spyware industry is crafting definitions and plans to eventually set up dispute-resolution procedures. A draft is expected by late summer.

"A definition is the foundation," said Ari Schwartz, the center's associate director. "If a consumer's going to make a decision in the marketplace about what they have and what software they are going to use, it's helpful to have a basis to do that on."

Similar efforts, however, have failed before.

Part of the challenge stems from how the term "spyware" evolved.

"It started out as being called spyware because a lot of it was spying on people and sending personal information," said Dave Methvin, chief technology officer with tech diagnostic site PC Pitstop. "It's a catchy, quick word that is always easy for people to understand and say."

But the term stuck even as some of these programs, in response to consumer complaints, began sending back less data and became less sneaky.

In some people's minds, spyware came to include programs that change Web browser settings without asking or trick users into racking up huge phone bills by making the equivalent of "900" calls to foreign porn sites.

"`Spyware' has sort of become the euphemism for any software I don't want," said Wayne Porter, co-founder of

The result is chaos.

Microsoft, for instance, chose not to scan cookies because many sites need them to remember passwords and otherwise customize a surfer's experience. Cory Treffiletti of the online ad agency Carat Interactive says cookies help sites identify repeat visitors so the same ads aren't shown over and over.

But other spyware hunters flag cookies on the grounds that they help advertisers track behavior. EarthLink Inc.'s Scott Mecredy says anti-spyware programs have gotten sophisticated enough to distinguish good cookies from bad.

Then there's the question of whether "spyware" includes adware.

Claria Corp., formerly known as Gator Corp., has sued several anti-spyware companies and Web sites for calling its advertising software "spyware." PC Pitstop rewrote some of its materials as part of a settlement.

Even "adware" isn't good enough for some.

Joseph Telafici, director of operations for McAfee Inc.'s security research unit, says the company now gets one or two complaints a week, compared with two or three per quarter last year from companies whose programs it has dubbed spyware or adware.

McAfee is in the process of assigning a full-time lawyer.

Symantec Corp. sought to pre-empt a lawsuit by filing one itself, asking a federal court to declare that it had the right to call Inc.'s toolbar adware. Hotbot did not respond to requests for comment.

Symantec still faces a lawsuit by Trekeight LLC, whose product Symantec brands adware.

Though it has yet to sue, 180solutions Inc. takes issue with "adware," preferring "searchware" or "sponsorware." "Adware" has become too linked with bad actors, and the industry needs more differentiation, said its chief executive, Keith Smith. Most anti-spyware vendors, however, still put 180solutions in that category.

Aluria Software LLC says one company, Inc., has changed its practices enough that it is now spyware- and adware-safe.

But America Online Inc., though it uses Aluria's technology, prefers a different test: What its users think.

AOL found that users overwhelmingly choose to rid their computers of WhenU's SaveNow application when anti-spyware scans uncover it, so AOL continues to list as adware.

Adding to the confusion is the fact that many legitimate programs -- including Microsoft Corp.'s Windows operating system and Web browser -- send out data without making the user fully aware, one of the common attributes of spyware.

And many programs that spy do have legitimate functions -- people may run a keystroke recorder to monitor spouses whom they suspect of cheating. Or they may willingly accept adware in exchange for a free game or screensaver.

Anti-spyware software companies say they leave removal decisions to customers, though many users simply follow their recommendations, failing to distinguish the mild from the malicious.

"If an anti-spyware company recommends that the software (gets) blocked, consumers will typically block it," said Keith Smith, chief executive of 180solutions. "It doesn't matter how good an experience they have with it."

Alex St. John, chief executive of WildTangent Inc., says anti-spyware companies have an incentive to overlist programs: It makes their products appear effective. Better definitions, he said, would help clear his company's game-delivery product.

"We want to do anything under our power to be clearly defined as a legitimate, upright consumer company," he said. "We would love to have something to adhere to."

Guidelines could give anti-spyware vendors a better defense.

For consumers, said Tori Case of Computer Associates International Inc., "if we start using the correct terminology, we can demystify it a bit and help people understand what the real risks are."

Associated Press

More in Tux Machines

Leftovers: Gaming

Leftovers: GNOME Software

  • GNOME Photos 3.18 App Gets Its First Hotfix Release Ahead of GNOME 3.18.1
    Earlier today, October 12, Debarshi Ray was happy to inform us all about the immediate availability of the first point release of his GNOME Photos 3.18 image viewer application for the soon-to-be-released GNOME 3.18.1 desktop environment.
  • View your GTK3 app or VM on the Web
    Ever wondered how to view gedit in a browser? It’s not a secret anymore, broadway is there for some time.
  • The new search for GNOME Files (aka Nautilus)
    As some (most? none? who knows =P) of you already know, last cycle I worked as a Google Summer of Code intern with Gtk+ and Nautilus. We saw the very positive results of it. And the picky eyes out there noticed that I wrote with these exact words: “While the project is over, I won’t stop contributing to Nautilus. Even with the interesting code, even with all the strange things surrounding it. Nautilus is like an ugly puppy: it may hurt your eyes, yet you still warmly love it.”

Linux Devices

  • Linksys WRT1900ACS Router is Ready for Open Source Tinkering
    We still regard the Linksys WRT1900AC as one of the best and fastest routers available, though if you're eyeing that model, there's a new version available with more memory and a faster processor. It's the WRT1900ACS, which is essentially an improved version of the WRT1900AC. The new model boasts a 1.6GHz dual-core processor, an upgrade over its predecessor's 1.2GHz chip; 128MB of flash memory (same as before); 512MB of DDR3 RAM, which is two times as much as the WRT1900AC; and eSATA and USB ports.
  • Linux Foundation Takes on Real-Time Computing for Embedded Apps
    What's the next step for open source in the embedded computing market? Google (GOOG), the Linux Foundation and other inaugural supporters of the Real-Time Linux Collaborative Project, which launched this month with a focus on the robotics, telecom, manufacturing, aviation, medical and similar industries, think kernel-level real-time support is the answer.
  • Your Last Chance To Crowdfund InvizBox Go, A Portable Open Source VPN Router
    A small Irish tech startup is in the last few days of crowdfunding for a small Linux-based router it’s hoping to ship out to supporters in February 2016. If its Kickstarter campaign is successful, InvizBox Go will offer users some protection when connecting to WiFi networks. Whether you’re at home, at a hotel, or working out of a coffee shop, the InvizBox Go will be able to connect your devices and route all of your traffic over Tor or a VPN connection (or even both). And since it can connect all devices simultaneously, it’s a great solution for keeping your housemates secure without requiring them to plug into anything or even download any software. Or, let’s face it, it’s also good for watching blocked content from around the world. Users will also be able to block a known list of ad providers. An optional feature will block Windows 10’s tracking domain. Additionally, the device can acts as a WiFi extender or even be used to charge a mobile phone or tablet if users plug into its USB port.
  • Irish firm’s product to mask online activity

Leftovers: OSS

  • Industry Veterans Partner to Create a School for Software Engineers
    Another interesting angle is that during their first year at school all projects except their own, if they decide otherwise, must be open sourced online on the repository of their choice (such as GitHub). "Open source is a great option for teaching students because it not only helps you in building new skills as as software engineers, but also you know how to communicate with your peers. You have to understand how the team is working among many things. So I think open source is a great way to learn software engineering," added Barbier. Because the Linux Foundation also runs many specialized courses, I asked whether the school had any plans to collaborate with the Foundation. I was told that, although they are in touch with the Linux Foundation, it's too early to comment on it.
  • Eximbank opts for Allevo’s open source application FinTP
    It originates from Allevo’s older offering, qPayintegrator. The open source project has been in the making for a few years.
  • Volkswagen’s Diesel Fraud Makes Critic of Secret Code a Prophet
    A Columbia University law professor stood in a hotel lobby one morning and noticed a sign apologizing for an elevator that was out of order. It had dropped unexpectedly three stories a few days earlier. The professor, Eben Moglen, tried to imagine what the world would be like if elevators were not built so that people could inspect them.
  • Mozilla to Bar Many Legacy Plug-ins in Firefox By End of 2016
    As we've reported several times, Google has been introducing big changes in its Chrome browser, especially when it comes to how the browser handles extensions. If you've regularly used either or both of the most popular open source Internet browsers--Google Chrome and Mozilla Firefox--then you're probably familiar with the performance and security problems that some extensions for them have caused. Mozilla, like the Chrome team, is also focused on the effect that extensions have on performance and reliability. Now, Benjamin Smedberg, a Mozilla senior engineering manager, in a post to a blog, has confirmed that Mozilla will bar almost all plug-ins built using decades-old NPAPI technology by the end of 2016.
  • What you need to know about Astara
    Astara provides OpenStack operators with a vendor-agnostic network orchestration platform that addresses the complex nature and scale of Neutron implementations. Astara features a driver-based orchestrator to manage network functions from different providers on bare metal, in virtual machines (VMs) and containers.
  • Mirantis, NetApp announce joint partnership
    Mirantis, the pure-play OpenStack company, has joined hands with NetApp and announced a joint partnership that combines the Mirantis OpenStack with mission-critical NetApp storage infrastructures.
  • Mirantis and NetApp Partner for Joint Testing, Cloud Reference Architectures
  • Introducing the Astara project, a preview of Liberty and Mitaka, and more OpenStack news
  • Taunton and Somerset trust explores wider open source adoption
    Taunton and Somerset NHS Foundation Trust has commenced "exploratory work" around expanding its use of open source technology to include an e-prescribing solution after going live with a non-proprietary electronic patient record (EPR) system earlier this month. Trust IT director Malcolm Senior said that although work around potentially adopting a new e-prescribing system was at an early stage, Taunton and Somerset was now considering dates for possible implementation. Senior said he was confident the trust would be able to meet a timeline for completing development of an e-prescribing service in line with aims for a 'paperless NHS' by 2018.
  • Nexenta Brings Open Source-driven Software-Defined Storage Solutions to the Dell Solutions Roadshow 2015 in Japan
  • Update Python GNUPG library for GNU Health crypto plugin
    Issues digitally signing and/or verifying GNUHealth documents, using GNUPG version 2.x should be solved by upgrading to the latest python-gnupg library[1], version 0.3.8 . You can check the changelog[2] for the details.
  • Another city swaps in LibreOffice to replace Microsoft Office
    Another city has decided to swap out Microsoft Office for the open source LibreOffice productivity suite. As ZDNet reported, the municipality of Bari in Italy is currently installing the open-source office software on its 1,700 PCs after a successful trial involving 100 PCs.
  • ODS Onsite Training - Onsite Training to the European Commission
    The course aims at enhancing the understanding of linked open data principles and technologies. By the end of the course, participants should have a clear understanding of what linked open data is and how linked data technologies can be applied to improve the availability, understandability and usability of EU data.