Language Selection

English French German Italian Portuguese Spanish

Giving New Meaning to 'Spyware'

Filed under
Security

Supreme Court Justice Potter Stewart famously said that he couldn't define obscenity, but that he knew it when he saw it.

The same has long been the case with spyware. It's not easy to define, but most people know it when parasitic programs suck up resources on their computer and clog their browsers with pop-up ads.

Recognizing that one person's search toolbar is another's spyware, a coalition of consumer groups, ISPs and software companies announced on Tuesday that it has finally come up with a mutually agreeable definition for the internet plague.

Spyware impairs "users' control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information," according to the Anti-Spyware Coalition, which includes Microsoft, EarthLink, McAfee and Hewlett-Packard.

The group hopes the definitions will clear the way for anti-spyware legislation and help create a formal, centralized method for companies to dispute or change their software's classification.

"One of the biggest challenges we've had with spyware has been agreeing on what it is," said Ari Schwartz, associate director of the Center for Democracy and Technology, which has led the group's work. "The anti-spyware community needs a way to quickly and decisively categorize the new programs spawning at exponential rates across the internet."

The lack of standard definitions of spyware and adware has doomed federal and state legislation and hampered collaboration between anti-spyware forces.

In a colloquial sense, spyware is used to refer to a whole range of programs, including unwanted browser toolbars that come bundled with other downloads, surf-tracking software that generates pop-up ads, and software that tries to capture passwords and credit-card numbers.

Software companies like Claria, which distribute their pop-up advertising software by bundling it with free programs such as peer-to-peer software, adamantly deny their products are "spyware." They point out that users can usually find a definition of the programs' effects deep in the user agreement.

It is unclear what effect the new definitions will have on current anti-spyware programs, such as Lavasoft's Ad-Aware and Microsoft's free AntiSpyware tool.

Recently, Microsoft downgraded the default program action for Claria's software from "Remove" to "Ignore," which prompted widespread criticism.

Microsoft responded by saying that it had changed the handling of "Claria software in order to be fair and consistent with how Windows AntiSpyware (beta) handles similar software from other vendors."

Microsoft is in negotiations to buy venture-capital-backed Claria, according to The New York Times.

Ben Edelman, the country's foremost spyware researcher, questions whether the new definitions are simply there so that adware companies can find a way to get a stamp of approval for their software.

"From the perspective of users whose computers are infected, there is nothing hard about (defining spyware)," Edelman said. "If you have adware or spyware on your computer, you want it gone.

"Maybe the toolbar is Mother Theresa, but it's Mother Theresa sitting in your living room uninvited and you want her gone also," Edelman said. "You don't need a committee of 50 smart guys in D.C. sipping ice tea in order to decide that.

"The question is, what do you want to do with it? If you had a consensus of 100 computer-repair technicians or Bill Gates himself, what would they say to do?"

By Ryan Singel
Wired News

More in Tux Machines

Games: The Spicy Meatball Saves The Day, Uebergame, DwarfCorp

Android Leftovers

Baidu puts open source deep learning into smartphones

A year after it open sourced its PaddlePaddle deep learning suite, Baidu has dropped another piece of AI tech into the public domain – a project to put AI on smartphones. Mobile Deep Learning (MDL) landed at GitHub under the MIT license a day ago, along with the exhortation “Be all eagerness to see it”. MDL is a convolution-based neural network designed to fit on a mobile device. Baidu said it is suitable for applications such as recognising objects in an image using a smartphone's camera. Read more

AMD and Linux Kernel

  • Ataribox runs Linux on AMD chip and will cost at least $250
    Atari released more details about its Ataribox game console today, disclosing for the first time that the machine will run Linux on an Advanced Micro Devices processor and cost $250 to $300. In an exclusive interview last week with GamesBeat, Ataribox creator and general manager Feargal Mac (short for Mac Conuladh) said Atari will begin a crowdfunding campaign on Indiegogo this fall and launch the Ataribox in the spring of 2018. The Ataribox will launch with a large back catalog of the publisher’s classic games. The idea is to create a box that makes people feel nostalgic about the past, but it’s also capable of running the independent games they want to play today, like Minecraft or Terraria.
  • Linux 4.14 + ROCm Might End Up Working Out For Kaveri & Carrizo APUs
    It looks like the upstream Linux 4.14 kernel may end up playing nicely with the ROCm OpenCL compute stack, if you are on a Kaveri or Carrizo system. While ROCm is promising as AMD's open-source compute stack complete with OpenCL 1.2+ support, its downside is that for now not all of the necessary changes to the Linux kernel drivers, LLVM Clang compiler infrastructure, and other components are yet living in their upstream repositories. So for now it can be a bit hairy to setup ROCm compute on your own system, especially if running a distribution without official ROCm packages. AMD developers are working to get all their changes upstreamed in each of the respective sources, but it's not something that will happen overnight and given the nature of Linux kernel development, etc, is something that will still take months longer to complete.
  • Latest Linux kernel release candidate was a sticky mess
    Linus Torvalds is not noted as having the most even of tempers, but after a weekend spent scuba diving a glitch in the latest Linux kernel release candidate saw the Linux overlord merely label the mess "nasty". The release cycle was following its usual cadence when Torvalds announced Linux 4.14 release candidate 2, just after 5:00PM on Sunday, September 24th.
  • Linus Torvalds Announces the Second Release Candidate of Linux Kernel 4.14 LTS
    Development of the Linux 4.14 kernel series continues with the second Release Candidate (RC) milestone, which Linus Torvalds himself announces this past weekend. The update brings more updated drivers and various improvements. Linus Torvalds kicked off the development of Linux kernel 4.14 last week when he announced the first Release Candidate, and now the second RC is available packed full of goodies. These include updated networking, GPU, and RDMA drivers, improvements to the x86, ARM, PowerPC, PA-RISC, MIPS, and s390 hardware architectures, various core networking, filesystem, and documentation changes.