Language Selection

English French German Italian Portuguese Spanish

Little Agreement on Spyware Guidelines

Filed under
Security

Many anti-spyware programs scour computer hard drives for those data-tracking files called cookies that we often get from Web visits. Microsoft Corp.'s tool does not. And there are disputes aplenty about whether certain widely used advertising programs circulating on the Internet are clean of spyware.

No surprise, then, that there's little agreement on what should be considered spyware, and what adware is exactly. Or on whether adware, which delivers ads, is a form of spyware or a breed apart.

Consumers are confounded. Is their computer-cleaning overzealous or not thorough enough? Are they removing useful programs with the dreck?

No less vexed are makers of anti-spyware software. They're beset by legal headaches, constantly challenged for what their products define and target as malware.

"It certainly distracts us from the job at hand," said David Moll, chief executive of Webroot Software Inc.

Help may be on the way. Led by the tech-advocacy group Center for Democracy and Technology, the anti-spyware industry is crafting definitions and plans to eventually set up dispute-resolution procedures. A draft is expected by late summer.

"A definition is the foundation," said Ari Schwartz, the center's associate director. "If a consumer's going to make a decision in the marketplace about what they have and what software they are going to use, it's helpful to have a basis to do that on."

Similar efforts, however, have failed before.

Part of the challenge stems from how the term "spyware" evolved.

"It started out as being called spyware because a lot of it was spying on people and sending personal information," said Dave Methvin, chief technology officer with tech diagnostic site PC Pitstop. "It's a catchy, quick word that is always easy for people to understand and say."

But the term stuck even as some of these programs, in response to consumer complaints, began sending back less data and became less sneaky.

In some people's minds, spyware came to include programs that change Web browser settings without asking or trick users into racking up huge phone bills by making the equivalent of "900" calls to foreign porn sites.

"`Spyware' has sort of become the euphemism for any software I don't want," said Wayne Porter, co-founder of SpywareGuide.com.

The result is chaos.

Microsoft, for instance, chose not to scan cookies because many sites need them to remember passwords and otherwise customize a surfer's experience. Cory Treffiletti of the online ad agency Carat Interactive says cookies help sites identify repeat visitors so the same ads aren't shown over and over.

But other spyware hunters flag cookies on the grounds that they help advertisers track behavior. EarthLink Inc.'s Scott Mecredy says anti-spyware programs have gotten sophisticated enough to distinguish good cookies from bad.

Then there's the question of whether "spyware" includes adware.

Claria Corp., formerly known as Gator Corp., has sued several anti-spyware companies and Web sites for calling its advertising software "spyware." PC Pitstop rewrote some of its materials as part of a settlement.

Even "adware" isn't good enough for some.

Joseph Telafici, director of operations for McAfee Inc.'s security research unit, says the company now gets one or two complaints a week, compared with two or three per quarter last year from companies whose programs it has dubbed spyware or adware.

McAfee is in the process of assigning a full-time lawyer.

Symantec Corp. sought to pre-empt a lawsuit by filing one itself, asking a federal court to declare that it had the right to call Hotbot.com Inc.'s toolbar adware. Hotbot did not respond to requests for comment.

Symantec still faces a lawsuit by Trekeight LLC, whose product Symantec brands adware.

Though it has yet to sue, 180solutions Inc. takes issue with "adware," preferring "searchware" or "sponsorware." "Adware" has become too linked with bad actors, and the industry needs more differentiation, said its chief executive, Keith Smith. Most anti-spyware vendors, however, still put 180solutions in that category.

Aluria Software LLC says one company, WhenU.com Inc., has changed its practices enough that it is now spyware- and adware-safe.

But America Online Inc., though it uses Aluria's technology, prefers a different test: What its users think.

AOL found that users overwhelmingly choose to rid their computers of WhenU's SaveNow application when anti-spyware scans uncover it, so AOL continues to list as adware.

Adding to the confusion is the fact that many legitimate programs -- including Microsoft Corp.'s Windows operating system and Web browser -- send out data without making the user fully aware, one of the common attributes of spyware.

And many programs that spy do have legitimate functions -- people may run a keystroke recorder to monitor spouses whom they suspect of cheating. Or they may willingly accept adware in exchange for a free game or screensaver.

Anti-spyware software companies say they leave removal decisions to customers, though many users simply follow their recommendations, failing to distinguish the mild from the malicious.

"If an anti-spyware company recommends that the software (gets) blocked, consumers will typically block it," said Keith Smith, chief executive of 180solutions. "It doesn't matter how good an experience they have with it."

Alex St. John, chief executive of WildTangent Inc., says anti-spyware companies have an incentive to overlist programs: It makes their products appear effective. Better definitions, he said, would help clear his company's game-delivery product.

"We want to do anything under our power to be clearly defined as a legitimate, upright consumer company," he said. "We would love to have something to adhere to."

Guidelines could give anti-spyware vendors a better defense.

For consumers, said Tori Case of Computer Associates International Inc., "if we start using the correct terminology, we can demystify it a bit and help people understand what the real risks are."

By ANICK JESDANUN
Associated Press

More in Tux Machines

Aquaris E4.5 Ubuntu Phone - With Android

I ever so slightly regret the "upgrade" to Android. With a version less than the tablet, the UI changes are extremely noticeable, and the transition isn't as smooth. The device lags, and it just doesn't have enough processing power to give the necessary feel of goodness and elegance. On the other hand, you get tons of native applications that you can actually use, as opposed to the Ubuntu Touch idea. Shame really. For 'tis a compromise. If you ask me, I wholeheartedly embrace the M10 tablet upgrade, but on the phone, you might as well keep Ubuntu unless you need the device for serious use. If it's just an opportunistic call/SMS thing for when abroad and such, or to loan to friends, the original combo is adequate. If you need apps, then Android is the way to go, but do not except any miracles. It won't be speedy, and it won't be too pretty. All in all, an okay player. It is silly attaching sentiments to software or hardware, but I do guess I will fondly remember the Ubuntu phone attempt as a noble idea to make something great and fun. I could have kept the device in its original state, perhaps, but in the end, it would have ended in a pile of ancient stuff you keep around for a decade until you decide you need to throw it away to leave room for fresh memories and less ancient stuff. Having a flawless Android experience would have helped soften the edge, but as it is, it remains the bittersweet attempt at what could have been a revolution. The end. Read more Also: Ubuntu Desktop weekly update – February 23, 2018

​Docker and Red Hat News

  • ​Docker has a business plan headache
    We love containers. And, for most of us, containers means Docker. As RightScale observed in its RightScale 2018 State of the Cloud report, Docker's adoption by the industry has increased to 49 percent from 35 percent in 2017.
  • Mycroft Widget, Atos and Red Hat's New Cloud Container Solution, npm Bug and More
    Atos and Red Hat announced this morning "a new fully-managed cloud container solution - Atos Managed OpenShift (AMOS) - built on Red Hat OpenShift Container Platform". The press release adds, "Because AMOS is built on Red Hat OpenShift Container Platform, a container-centric hybrid cloud solution, it can deliver the flexibility customers seek from cloud-native and container-based applications."
  • Red Hat Decision Manager 7 Boosts BPM with Low-Code Approach
    Red Hat is perhaps best known for its Enterprise Linux platform, but it has been a player in the Business Process Management (BPM) suite for over a decade too. On Feb. 21, Red Hat Decision Manager 7 was officially announced as the successor to the company's JBoss Business Rules Management System (BRMS) product. Red Hat first released BRMS back in May 2009 which itself was an evolution of the JBoss Rules Engine.
  • Red Hat, Inc. (NYSE:RHT) – Active Stock Evaluation

FATHOM releases Crystallon

  • FATHOM releases Crystallon, an open-source software for lattice-based design
    Lattice structures are integral to 3D printed designs, and Aaron Porterfield, an industrial designer at additive manufacturing service bureau FATHOM, has developed Crystallon, an open source project for shaping them into structures.
  • FATHOM Introduces Open Source Software Project for Generating 3D Lattice Structures
    California-based FATHOM, which expanded its on-site managed services and announced important partnerships with Stratasys and Desktop Metal last year, is introducing a fascinating new open source project called Crystallon, which uses Rhino and Grasshopper3D to create lattice structures. FATHOM industrial designer Aaron Porterfield, also an Instructables member, developed the project as an alternative to designing lattices with commercially available software. He joined the company’s design and engineering team three years ago, and is often a featured speaker for its Design for Additive Manufacturing (DfAM) Training Program – and as the project developer, who better to explain the Crystallon project?

Kernel and Graphics: Machine Learning, Mesa, Wayland/Mir, AMDGPU

  • AI-Powered / Machine Learning Linux Performance Tuning Is Now A Thing
    A year and a half ago I wrote about a start-up working on dynamically-tuned, self-optimizing Linux servers. That company is now known as Concertio and they just launched their "AI powered" toolkit for IT administrators and performance engineers to optimize their server performance. Concertio Optimizer Studio is their product making use of machine learning that aims to optimize Linux systems with Intel CPUs for peak performance by scoping out the impact of hundreds of different tunables for trying to deliver an optimal configuration package for that workload on that hardware.
  • Pengutronix Gets Open-Source 3D Working On MX8M/GC7000 Hardware
    We've known that Pengutronix developers had been working on i.MX8M / GC7000 graphics support within their Etnaviv open-source driver stack from initial patches posted in January. Those patches back at the start of the year were for the DRM kernel driver, but it turns out they have already got basic 3D acceleration working.
  • SDL Now Disables Mir By Default In Favor Of Wayland Compatibility
    With Mir focusing on Wayland compatibility now, toolkits and other software making direct use of Mir's APIs can begin making use of any existing Wayland back-end instead. GTK4 drops the Mir back-end since the same can be achieved with the Wayland compatibility and now SDL is now making a similar move.
  • Mesa 18.1 Receives OpenGL 3.1 With ARB_compatibility For Gallium3D Drivers
    Going back to last October, Marek of AMD's open-source driver team has been working on ARB_compatibility support for Mesa with a focus on RadeonSI/Gallium3D. Today that work was finally merged. The ARB_compatibility support allows use of deprecated/removed features of OpenGL by newer versions of the specification. ARB_compatibility is particularly useful for OpenGL workstation users where there are many applications notorious for relying upon compatibility contexts / deprecated GL functionality. But ARB_compatibility is also used by a handful of Linux games too.
  • AMDGPU In Linux 4.17 Exposes WattMan Features, GPU Voltage/Power Via Hwmon
    AMD's Alex Deucher today sent in the first pull request to DRM-Next of AMDGPU (and Radeon) DRM driver feature material that will in turn be merged with the Linux 4.17 kernel down the road. There's some fun features for AMDGPU users coming with this next kernel! First up, Linux is finally getting some WattMan-like functionality after it's been available via the Windows Radeon Software driver since 2016. WattMan allows for more fine-tuning of GPU clocks, voltages, and more for trying to maximize the power efficiency. See the aforelinked article for details but currently without any GUI panel for tweaking all of the driver tunables, this WattMan-like support needs to be toggled from the command-line.