Language Selection

English French German Italian Portuguese Spanish

Little Agreement on Spyware Guidelines

Filed under
Security

Many anti-spyware programs scour computer hard drives for those data-tracking files called cookies that we often get from Web visits. Microsoft Corp.'s tool does not. And there are disputes aplenty about whether certain widely used advertising programs circulating on the Internet are clean of spyware.

No surprise, then, that there's little agreement on what should be considered spyware, and what adware is exactly. Or on whether adware, which delivers ads, is a form of spyware or a breed apart.

Consumers are confounded. Is their computer-cleaning overzealous or not thorough enough? Are they removing useful programs with the dreck?

No less vexed are makers of anti-spyware software. They're beset by legal headaches, constantly challenged for what their products define and target as malware.

"It certainly distracts us from the job at hand," said David Moll, chief executive of Webroot Software Inc.

Help may be on the way. Led by the tech-advocacy group Center for Democracy and Technology, the anti-spyware industry is crafting definitions and plans to eventually set up dispute-resolution procedures. A draft is expected by late summer.

"A definition is the foundation," said Ari Schwartz, the center's associate director. "If a consumer's going to make a decision in the marketplace about what they have and what software they are going to use, it's helpful to have a basis to do that on."

Similar efforts, however, have failed before.

Part of the challenge stems from how the term "spyware" evolved.

"It started out as being called spyware because a lot of it was spying on people and sending personal information," said Dave Methvin, chief technology officer with tech diagnostic site PC Pitstop. "It's a catchy, quick word that is always easy for people to understand and say."

But the term stuck even as some of these programs, in response to consumer complaints, began sending back less data and became less sneaky.

In some people's minds, spyware came to include programs that change Web browser settings without asking or trick users into racking up huge phone bills by making the equivalent of "900" calls to foreign porn sites.

"`Spyware' has sort of become the euphemism for any software I don't want," said Wayne Porter, co-founder of SpywareGuide.com.

The result is chaos.

Microsoft, for instance, chose not to scan cookies because many sites need them to remember passwords and otherwise customize a surfer's experience. Cory Treffiletti of the online ad agency Carat Interactive says cookies help sites identify repeat visitors so the same ads aren't shown over and over.

But other spyware hunters flag cookies on the grounds that they help advertisers track behavior. EarthLink Inc.'s Scott Mecredy says anti-spyware programs have gotten sophisticated enough to distinguish good cookies from bad.

Then there's the question of whether "spyware" includes adware.

Claria Corp., formerly known as Gator Corp., has sued several anti-spyware companies and Web sites for calling its advertising software "spyware." PC Pitstop rewrote some of its materials as part of a settlement.

Even "adware" isn't good enough for some.

Joseph Telafici, director of operations for McAfee Inc.'s security research unit, says the company now gets one or two complaints a week, compared with two or three per quarter last year from companies whose programs it has dubbed spyware or adware.

McAfee is in the process of assigning a full-time lawyer.

Symantec Corp. sought to pre-empt a lawsuit by filing one itself, asking a federal court to declare that it had the right to call Hotbot.com Inc.'s toolbar adware. Hotbot did not respond to requests for comment.

Symantec still faces a lawsuit by Trekeight LLC, whose product Symantec brands adware.

Though it has yet to sue, 180solutions Inc. takes issue with "adware," preferring "searchware" or "sponsorware." "Adware" has become too linked with bad actors, and the industry needs more differentiation, said its chief executive, Keith Smith. Most anti-spyware vendors, however, still put 180solutions in that category.

Aluria Software LLC says one company, WhenU.com Inc., has changed its practices enough that it is now spyware- and adware-safe.

But America Online Inc., though it uses Aluria's technology, prefers a different test: What its users think.

AOL found that users overwhelmingly choose to rid their computers of WhenU's SaveNow application when anti-spyware scans uncover it, so AOL continues to list as adware.

Adding to the confusion is the fact that many legitimate programs -- including Microsoft Corp.'s Windows operating system and Web browser -- send out data without making the user fully aware, one of the common attributes of spyware.

And many programs that spy do have legitimate functions -- people may run a keystroke recorder to monitor spouses whom they suspect of cheating. Or they may willingly accept adware in exchange for a free game or screensaver.

Anti-spyware software companies say they leave removal decisions to customers, though many users simply follow their recommendations, failing to distinguish the mild from the malicious.

"If an anti-spyware company recommends that the software (gets) blocked, consumers will typically block it," said Keith Smith, chief executive of 180solutions. "It doesn't matter how good an experience they have with it."

Alex St. John, chief executive of WildTangent Inc., says anti-spyware companies have an incentive to overlist programs: It makes their products appear effective. Better definitions, he said, would help clear his company's game-delivery product.

"We want to do anything under our power to be clearly defined as a legitimate, upright consumer company," he said. "We would love to have something to adhere to."

Guidelines could give anti-spyware vendors a better defense.

For consumers, said Tori Case of Computer Associates International Inc., "if we start using the correct terminology, we can demystify it a bit and help people understand what the real risks are."

By ANICK JESDANUN
Associated Press

More in Tux Machines

Firefly COM dual boots Android and Ubuntu on hexa-core RK3399

GNOME developer Bastien Nocera talks in his latest blog post about the enhancements he managed to implement in the past few weeks to the Bluetooth stack of the Fedora Linux operating system. Read more

Games: Morphite, Mooseman, Arma, and PlayStation 4 DualShock Controller

  • Stylish FPS 'Morphite' released without Linux support, but it's coming
    Sadly, Morphite [Steam] has seen a delay with the Linux version. Thankfully, the developer was quick to respond and it's still coming.
  • The Mooseman, a short side-scrolling adventure just released for Linux
    In the mood for something a little out there? Well, The Mooseman [Steam] a short side-scroller might just hit the spot.
  • Arma 3 1.76 for Linux is planned, work on it to start "soon"
    Bohemia Interactive have announced in their latest "SITREP" that the Linux version of Arma 3 will be updated to the latest version of 1.76, work is set to start on it "soon".
  • Sony's PlayStation 4 DualShock Controller Now Supported in Fedora Linux, GNOME
    GNOME developer Bastien Nocera talks in his latest blog post about the enhancements he managed to implement in the past few weeks to the Bluetooth stack of the Fedora Linux operating system. The patches submitted by the developer to the Bluetooth packages in the latest Fedora Linux release promise to bring improvements to the way PlayStation 3 DualShock controllers are set up in the environment if you're using the GNOME desktop environment. Until now, to set up a DualShock 3 controller, users had to plug it in via USB, then disconnect it, and then press the "P" button on the joypad, which would have popped-up a dialog to confirm the Bluetooth connection. But this method had some quirks though.

Debian Development Reports

  • Free software log (July and August 2017)
    August was DebConf, which included a ton of Policy work thanks to Sean Whitton's energy and encouragement. During DebConf, we incorporated work from Hideki Yamane to convert Policy to reStructuredText, which has already made it far easier to maintain. (Thanks also to David Bremner for a lot of proofreading of the result.) We also did a massive bug triage and closed a ton of older bugs on which there had been no forward progress for many years. After DebConf, as expected, we flushed out various bugs in the reStructuredText conversion and build infrastructure. I fixed a variety of build and packaging issues and started doing some more formatting cleanup, including moving some footnotes to make the resulting document more readable.
  • Freexian’s report about Debian Long Term Support, August 2017
    Like each month, here comes a report about the work of paid contributors to Debian LTS.
  • Reproducible Builds: Weekly report #125
    16 package reviews have been added, 99 have been updated and 92 have been removed in this week, adding to our knowledge about identified issues.

The GNOME Foundation Backs Librem 5

  • GNOME Foundation partners with Purism to support its efforts to build the Librem 5 smartphone
    The GNOME Foundation has provided their endorsement and support of Purism’s efforts to build the Librem 5, which if successful will be the world’s first free and open smartphone with end-to-end encryption and enhanced user protections. The Librem 5 is a hardware platform the Foundation is interested in advancing as a GNOME/GTK phone device. The GNOME Foundation is committed to partnering with Purism to create hackfests, tools, emulators, and build awareness that surround moving GNOME/GTK onto the Librem 5 phone. As part of the collaboration, if the campaign is successful the GNOME Foundation plans to enhance GNOME shell and general performance of the system with Purism to enable features on the Librem 5.
  • Now GNOME Foundation Wants to Support Purism's Privacy-Focused Linux Smartphone
    GNOME Foundation, the non-profit organization behind the popular GNOME desktop environment designed for Linux-based operating systems, announced on Wednesday that they plan on supporting Purism's Librem 5 smartphone. The announcement comes only a week after KDE unveiled their plans to work with Purism on an implementation of their Plasma Mobile interface into the security- and privacy-focused Librem 5 Linux smartphone, and now GNOME is interested in advancing the Librem 5 hardware platform as a GNOME/GTK+ phone device. "Having a Free/Libre and Open Source software stack on a mobile device is a dream-come-true for so many people, and Purism has the proven team to make this happen. We are very pleased to see Purism and the Librem 5 hardware be built to support GNOME," said Neil McGovern, Executive Director, GNOME Foundation.
  • GNOME Joins The Librem 5 Party, Still Needs To Raise One Million More Dollars
    One week after announcing KDE cooperation on the proposed Librem 5 smartphone with plans to get Plasma Mobile on the device if successful, the GNOME Foundation has sent out their official endorsement of Purism's smartphone dream. Purism had been planning to use GNOME from the start for their GNU/Linux-powered privacy-minded smartphone while as of today they have the official backing of the GNOME Foundation.