Language Selection

English French German Italian Portuguese Spanish

Little Agreement on Spyware Guidelines

Filed under
Security

Many anti-spyware programs scour computer hard drives for those data-tracking files called cookies that we often get from Web visits. Microsoft Corp.'s tool does not. And there are disputes aplenty about whether certain widely used advertising programs circulating on the Internet are clean of spyware.

No surprise, then, that there's little agreement on what should be considered spyware, and what adware is exactly. Or on whether adware, which delivers ads, is a form of spyware or a breed apart.

Consumers are confounded. Is their computer-cleaning overzealous or not thorough enough? Are they removing useful programs with the dreck?

No less vexed are makers of anti-spyware software. They're beset by legal headaches, constantly challenged for what their products define and target as malware.

"It certainly distracts us from the job at hand," said David Moll, chief executive of Webroot Software Inc.

Help may be on the way. Led by the tech-advocacy group Center for Democracy and Technology, the anti-spyware industry is crafting definitions and plans to eventually set up dispute-resolution procedures. A draft is expected by late summer.

"A definition is the foundation," said Ari Schwartz, the center's associate director. "If a consumer's going to make a decision in the marketplace about what they have and what software they are going to use, it's helpful to have a basis to do that on."

Similar efforts, however, have failed before.

Part of the challenge stems from how the term "spyware" evolved.

"It started out as being called spyware because a lot of it was spying on people and sending personal information," said Dave Methvin, chief technology officer with tech diagnostic site PC Pitstop. "It's a catchy, quick word that is always easy for people to understand and say."

But the term stuck even as some of these programs, in response to consumer complaints, began sending back less data and became less sneaky.

In some people's minds, spyware came to include programs that change Web browser settings without asking or trick users into racking up huge phone bills by making the equivalent of "900" calls to foreign porn sites.

"`Spyware' has sort of become the euphemism for any software I don't want," said Wayne Porter, co-founder of SpywareGuide.com.

The result is chaos.

Microsoft, for instance, chose not to scan cookies because many sites need them to remember passwords and otherwise customize a surfer's experience. Cory Treffiletti of the online ad agency Carat Interactive says cookies help sites identify repeat visitors so the same ads aren't shown over and over.

But other spyware hunters flag cookies on the grounds that they help advertisers track behavior. EarthLink Inc.'s Scott Mecredy says anti-spyware programs have gotten sophisticated enough to distinguish good cookies from bad.

Then there's the question of whether "spyware" includes adware.

Claria Corp., formerly known as Gator Corp., has sued several anti-spyware companies and Web sites for calling its advertising software "spyware." PC Pitstop rewrote some of its materials as part of a settlement.

Even "adware" isn't good enough for some.

Joseph Telafici, director of operations for McAfee Inc.'s security research unit, says the company now gets one or two complaints a week, compared with two or three per quarter last year from companies whose programs it has dubbed spyware or adware.

McAfee is in the process of assigning a full-time lawyer.

Symantec Corp. sought to pre-empt a lawsuit by filing one itself, asking a federal court to declare that it had the right to call Hotbot.com Inc.'s toolbar adware. Hotbot did not respond to requests for comment.

Symantec still faces a lawsuit by Trekeight LLC, whose product Symantec brands adware.

Though it has yet to sue, 180solutions Inc. takes issue with "adware," preferring "searchware" or "sponsorware." "Adware" has become too linked with bad actors, and the industry needs more differentiation, said its chief executive, Keith Smith. Most anti-spyware vendors, however, still put 180solutions in that category.

Aluria Software LLC says one company, WhenU.com Inc., has changed its practices enough that it is now spyware- and adware-safe.

But America Online Inc., though it uses Aluria's technology, prefers a different test: What its users think.

AOL found that users overwhelmingly choose to rid their computers of WhenU's SaveNow application when anti-spyware scans uncover it, so AOL continues to list as adware.

Adding to the confusion is the fact that many legitimate programs -- including Microsoft Corp.'s Windows operating system and Web browser -- send out data without making the user fully aware, one of the common attributes of spyware.

And many programs that spy do have legitimate functions -- people may run a keystroke recorder to monitor spouses whom they suspect of cheating. Or they may willingly accept adware in exchange for a free game or screensaver.

Anti-spyware software companies say they leave removal decisions to customers, though many users simply follow their recommendations, failing to distinguish the mild from the malicious.

"If an anti-spyware company recommends that the software (gets) blocked, consumers will typically block it," said Keith Smith, chief executive of 180solutions. "It doesn't matter how good an experience they have with it."

Alex St. John, chief executive of WildTangent Inc., says anti-spyware companies have an incentive to overlist programs: It makes their products appear effective. Better definitions, he said, would help clear his company's game-delivery product.

"We want to do anything under our power to be clearly defined as a legitimate, upright consumer company," he said. "We would love to have something to adhere to."

Guidelines could give anti-spyware vendors a better defense.

For consumers, said Tori Case of Computer Associates International Inc., "if we start using the correct terminology, we can demystify it a bit and help people understand what the real risks are."

By ANICK JESDANUN
Associated Press

More in Tux Machines

Share your love for free software

Yes, we love Free Software and this readily means that we love technology, people, social equanimity, and the various meanings one may take on for the word “freedom”. We care about it and we all want to bear witness of the growth and consolidation of new projects, and the progress of elder ones into full-fledged solutions driven by healthy and thriving communities. Free Software communities are inherently diverse and put together people with different motivations, expectations, and interests. Some are there to make friends and advance their technical and social skills, while others want to pursue the dream of an open world or even have Free Software as their daily paid job. In spite of such a diversity, one thing unite all of us in this Free Software odyssey: we love what we do. Read more

today's leftovers

  • Hyperledger gains 11 major finance players in blockchain initiative
  • Intel Begins Landing Apollolake Support Within Coreboot
    Intel engineers have begun landing support for the next-gen "Apollolake" SoC within Coreboot and support for the initial development board. Apollolake (Apollo Lake) is Intel's 14nm SoC for low-cost PC/notebooks, and surely Chromebooks. Apollolake uses the Goldmont CPU core and Skylake Gen9 derived graphics. Apollolake is the successor to Braswell. Apollo Lake systems will be available later in 2016.
  • Russian Government Planning To Replace All Of Its Windows Computers With Linux
    The Russian government is planning to replace all of its Windows-powered computers with some Linux distribution. The government has justified this decision by stating that American technology companies like Google and Microsoft need to pay more taxes.
  • Russia Going To GNU/Linux Late Rather Than Never
    Back in 2010, Putin put into (slow)motion a move to GNU/Linux. There were several projects but nothing concrete and system-wide. Finally, in 2016, thanks to the price of oil, sanctions and global politics, the time is ripe.
  • The Age of Docker is Upon Us
    With Container Summit going on in New York this week, there is a lot of news related to Docker, Kubernetes and various container technology star players. Datawise announced that it has made some key contirubtions to advance Kubernetes, a tool Google developed and used to make containerization more useful by making it possible to manage containerized applications.
  • Handheld Emulation: Achievement Unlocked!
    I love video game emulation. My favorite games were produced in the 1980s and 1990s, so if I want to play them, I almost always have to emulate the old systems. There is usually a legal concern about ROM files for games, even if you own the original cartridges, so I'm not going to tell you where to find ROMs to download or anything like that. What I am going to share is my recent discovery of the perfect handheld gaming system. Oddly enough, it was never intended to be an emulator.
  • GNOME 3.20's Feature Freeze Is Next Week
    Next week marks GNOME 3.20's feature freeze followed by the GNOME 3.20 (v3.19.90) beta release. The GNOME Release Team sent out a reminder that next week marks the API/ABI, UI, and feature freezes along with the start of release note writing and the GNOME 3.20 beta release.
  • SUSE and business open source specialist it-novum collaborate to expand Ceph platform’s Storage Management
    Powered by Ceph, SUSE Enterprise Storage is a self-managing, self-healing, distributed software-based storage solution for enterprise customers. The collaboration between it-novum and SUSE will bring centralized management of file, block and object storage via openATTIC's single graphical user interface to future releases of SUSE Enterprise Storage.
  • App: Download Manager for Samsung Z1 / Z3 is Available in Tizen Store
    Download Manager for Tizen Smartphones, namely the Samsung Z1 and Z3, is a powerful download speed booster and an advanced download manager combined into one. A must-have app for the power user that wants to download files off the Internet in a fast and efficient manner.

Red Hat News

Leftovers: OSS

  • India Asks Tech Companies To Use Open Source Technologies For Connectivity
    A day after taking a tough stand on Facebook’s Free Basics and banning it from India, TRAI (Telecom Regulator Authority of India) has also given a cue to the tech giants like Facebook and Google over the use of open source software. TRAI has hinted to these companies that their connectivity framework would only be accepted in India if they followed an open source approach. [...] Ram Sewak Sharma, who is the current chairman of TRAI, has clearly put a stress on using open source technology over a company specific product in making the internet reach to the remote areas. In a recent summit hosted by the Internet and Mobile Association of India, he said, "I don’t like to comment on a specific product. But India has adopted an open source policy and open API [application program interface] policy. The whole objective is that there should not be a situation of a vendor lock-in."
  • Bluehost Develops Open Source Script To Update Two Million WordPress Sites
    The cloud-based solutions provider's custom script reduced WordPress-related technical issues by 18 percent.
  • What's New in February '16 in Open Source CMS
    By any measure, WordPress is the most popular content management system on the planet. But that distinction also makes it especially popular with hackers and attackers. Early this month Menifee, Calif.-based security company Sucuri reported a spike in WordPress infections, with a large number of sites getting injected with the same malicious scripts. Sucuri called it "a massive admedia/adverting iframe infection" characterized by the injection of encrypted code at the end of all legitimate .js files.
  • Dive into Apache Hadoop open source technology
    On this week’s NFV/SDN Reality Check, we look at some top news items from across the space as well as speak with Cloudera on CSPs adopting Apache Hadoop open source technology
  • Vote for Presentations - OpenStack Summit Austin 2016
    The first OpenStack Summit this year will take place in Austin (TX, US) from April 25-29, 2016. The "Call for Speakers" period ended some days ago and now the community voting for presentation started and will end 17th February, 11:59 PST (18th February 7:59 UTC / 08:59 CEST).
  • Liberty Eiffel wrapper for IUP toolkit
    Since a couple of months ago I’m working in a Liberty Eiffel wrapper to the IUP toolkit. IUP is a multi-platform toolkit for building graphical user interfaces. This is still under development, but I think the current state is enough to start playing with it. Here some screen shots: