Language Selection

English French German Italian Portuguese Spanish

Giving New Meaning to 'Spyware'

Filed under
Security

Supreme Court Justice Potter Stewart famously said that he couldn't define obscenity, but that he knew it when he saw it.

The same has long been the case with spyware. It's not easy to define, but most people know it when parasitic programs suck up resources on their computer and clog their browsers with pop-up ads.

Recognizing that one person's search toolbar is another's spyware, a coalition of consumer groups, ISPs and software companies announced on Tuesday that it has finally come up with a mutually agreeable definition for the internet plague.

Spyware impairs "users' control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information," according to the Anti-Spyware Coalition, which includes Microsoft, EarthLink, McAfee and Hewlett-Packard.

The group hopes the definitions will clear the way for anti-spyware legislation and help create a formal, centralized method for companies to dispute or change their software's classification.

"One of the biggest challenges we've had with spyware has been agreeing on what it is," said Ari Schwartz, associate director of the Center for Democracy and Technology, which has led the group's work. "The anti-spyware community needs a way to quickly and decisively categorize the new programs spawning at exponential rates across the internet."

The lack of standard definitions of spyware and adware has doomed federal and state legislation and hampered collaboration between anti-spyware forces.

In a colloquial sense, spyware is used to refer to a whole range of programs, including unwanted browser toolbars that come bundled with other downloads, surf-tracking software that generates pop-up ads, and software that tries to capture passwords and credit-card numbers.

Software companies like Claria, which distribute their pop-up advertising software by bundling it with free programs such as peer-to-peer software, adamantly deny their products are "spyware." They point out that users can usually find a definition of the programs' effects deep in the user agreement.

It is unclear what effect the new definitions will have on current anti-spyware programs, such as Lavasoft's Ad-Aware and Microsoft's free AntiSpyware tool.

Recently, Microsoft downgraded the default program action for Claria's software from "Remove" to "Ignore," which prompted widespread criticism.

Microsoft responded by saying that it had changed the handling of "Claria software in order to be fair and consistent with how Windows AntiSpyware (beta) handles similar software from other vendors."

Microsoft is in negotiations to buy venture-capital-backed Claria, according to The New York Times.

Ben Edelman, the country's foremost spyware researcher, questions whether the new definitions are simply there so that adware companies can find a way to get a stamp of approval for their software.

"From the perspective of users whose computers are infected, there is nothing hard about (defining spyware)," Edelman said. "If you have adware or spyware on your computer, you want it gone.

"Maybe the toolbar is Mother Theresa, but it's Mother Theresa sitting in your living room uninvited and you want her gone also," Edelman said. "You don't need a committee of 50 smart guys in D.C. sipping ice tea in order to decide that.

"The question is, what do you want to do with it? If you had a consensus of 100 computer-repair technicians or Bill Gates himself, what would they say to do?"

By Ryan Singel
Wired News

More in Tux Machines

today's howtos

Linux Graphics

  • The RADV Radeon Vulkan Linux Driver Continues Picking Up Features
  • OpenChrome Maintainer Making Some Progress On VIA DRM Driver
    Independent developer Kevin Brace took over maintaining the OpenChrome DDX driver earlier this year to improve the open-source VIA Linux graphics support while over the summer he's slowly been getting up to speed on development of the OpenChrome DRM driver. The OpenChrome DRM driver was making progress while James Simmons was developing it a few years back, but since he left the project, it's been left to bit rot. It will take a lot of work even to get this previously "good" code back to working on the latest Linux 4.x mainline kernels given how DRM core interfaces have evolved in recent times.
  • My talk about Mainline Explicit Fencing at XDC 2016!
    Last week I was at XDC in Helsinki where I presented about the Explicit Fencing work we’ve been doing on the Mainline Linux Kernel in the lastest few months. There was a livestream of all presentations during the conference and recorded sections are available. You can check the video of my presentation. Check out the slides too.

Linux Kernel News

  • Linux 4.8 gets rc8
    Chill, penguin-fanciers: Linux lord Linus Torvalds is sitting on the egg that is Linux 4.8 for another week. As Torvalds indicated last week, this version of the kernel still needs work and therefore earned itself an eighth release candidate.
  • Linux 4.8-rc8 Released: Linux 4.8 Next Weekend
  • Linux Kernel 4.7.5 Released with Numerous ARM and Networking Improvements
    The fifth maintenance update to the Linux 4.7 kernel series, which is currently the most advanced, secure and stable kernel branch you can get for your GNU/Linux operating system, has been announced by Greg Kroah-Hartman. Linux kernel 4.7.5 is here only ten days after the release of the previous maintenance version, namely Linux kernel 4.7.4, and it's a big update that changes a total of 213 files, with 1774 insertions and 971 deletions, which tells us that the kernel developers and hackers had a pretty busy week patching all sorts of bugs and security issues, as well as to add various, much-needed improvements.
  • Blockchain Summit Day Two: End-Of-Conference Highlights From Shanghai
    Financial services firms and startups looking to be the bridge to blockchain ledgers continued to dominate presentations on the second and final day of the Blockchain Summit, ending International Blockchain Week in Shanghai that also saw Devcon2 and a startup demo competition.
  • Testing Various HDDs & SSDs On Ubuntu With The Linux 4.8 Kernel
    Here are some fresh benchmarks of various solid-state drives (SATA 3.0 SSDs plus two NVMe M.2 SSDs) as well as two HDDs for getting a fresh look at how they are performing using the Linux 4.8 Git kernel. After publishing Friday's Intel 600P Series NVME SSD tests of this lower-cost NVM Express storage line-up, I continued testing a few other SSDs and HDDs. These additional reference points are available for your viewing pleasure today. The additional data is also going to be used for reference in a Linux 4.8-based BCache SSD+HDD comparison being published next week. Stay tuned for those fresh BCache numbers.

Behind the GNOME 3.22 Release Video

This is less than usual. The time saving mostly stems from spending less time recording for the release video. At first thought you might think recording would be a breeze but it can be one of the most frustrating aspects of making the videos. Each cycle the GNOME community lands improvement a wide set of GNOME’s applications. So before each release I have to find some way to run a dozen of applications from master. I do this either by: Read more