Language Selection

English French German Italian Portuguese Spanish

Giving New Meaning to 'Spyware'

Filed under
Security

Supreme Court Justice Potter Stewart famously said that he couldn't define obscenity, but that he knew it when he saw it.

The same has long been the case with spyware. It's not easy to define, but most people know it when parasitic programs suck up resources on their computer and clog their browsers with pop-up ads.

Recognizing that one person's search toolbar is another's spyware, a coalition of consumer groups, ISPs and software companies announced on Tuesday that it has finally come up with a mutually agreeable definition for the internet plague.

Spyware impairs "users' control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information," according to the Anti-Spyware Coalition, which includes Microsoft, EarthLink, McAfee and Hewlett-Packard.

The group hopes the definitions will clear the way for anti-spyware legislation and help create a formal, centralized method for companies to dispute or change their software's classification.

"One of the biggest challenges we've had with spyware has been agreeing on what it is," said Ari Schwartz, associate director of the Center for Democracy and Technology, which has led the group's work. "The anti-spyware community needs a way to quickly and decisively categorize the new programs spawning at exponential rates across the internet."

The lack of standard definitions of spyware and adware has doomed federal and state legislation and hampered collaboration between anti-spyware forces.

In a colloquial sense, spyware is used to refer to a whole range of programs, including unwanted browser toolbars that come bundled with other downloads, surf-tracking software that generates pop-up ads, and software that tries to capture passwords and credit-card numbers.

Software companies like Claria, which distribute their pop-up advertising software by bundling it with free programs such as peer-to-peer software, adamantly deny their products are "spyware." They point out that users can usually find a definition of the programs' effects deep in the user agreement.

It is unclear what effect the new definitions will have on current anti-spyware programs, such as Lavasoft's Ad-Aware and Microsoft's free AntiSpyware tool.

Recently, Microsoft downgraded the default program action for Claria's software from "Remove" to "Ignore," which prompted widespread criticism.

Microsoft responded by saying that it had changed the handling of "Claria software in order to be fair and consistent with how Windows AntiSpyware (beta) handles similar software from other vendors."

Microsoft is in negotiations to buy venture-capital-backed Claria, according to The New York Times.

Ben Edelman, the country's foremost spyware researcher, questions whether the new definitions are simply there so that adware companies can find a way to get a stamp of approval for their software.

"From the perspective of users whose computers are infected, there is nothing hard about (defining spyware)," Edelman said. "If you have adware or spyware on your computer, you want it gone.

"Maybe the toolbar is Mother Theresa, but it's Mother Theresa sitting in your living room uninvited and you want her gone also," Edelman said. "You don't need a committee of 50 smart guys in D.C. sipping ice tea in order to decide that.

"The question is, what do you want to do with it? If you had a consensus of 100 computer-repair technicians or Bill Gates himself, what would they say to do?"

By Ryan Singel
Wired News

More in Tux Machines

openSUSE Tumbleweed Is Now Powered by Linux Kernel 4.17, KDE Plasma 5.13 Landed

As of today, the openSUSE Tumbleweed rolling operating system is now powered by the latest and most advanced Linux 4.17 kernel series, which landed in the most recent snapshot released earlier. Tumbleweed snapshot 20180615 was released today, June 17, 2018, and it comes only two days after snapshot 20180613, which added the Mesa 18.1.1 graphics stack and KDE Plasma 5.13 desktop environment, along with many components of the latest KDE Applications 18.04.2 software suite. Today's snapshot 20180615 continued upgrading the KDE Applications software suite to version 18.04.2, but it also upgraded the kernel from Linux 4.16.12 to Linux 4.17.1. As such, OpenSuSE Tumbleweed is now officially powered by Linux kernel 4.17, so upgrading your installs as soon as possible would be a good idea. Read more

today's howtos and leftovers

OSS Leftovers

  • Using Open Source Software in a SecDevOps Environment
    On 21 June 2018 the Open Source Software3 Institute is hosting a discussion that should be of high interest to enterprise technologists in the DC/Northern Virginia, Maryland area. From their invite: Come hear from our panelists about how the worlds of Open Source Software and the Secure Development / Operations (SecDevOps) intersect and strengthen one another. SecDevOps seeks to embed security in the development process as deeply as DevOps has done with operations, and Open Source Software is a major factor in Security, Development, and Operations. Tickets are free, but you need to register soon because seating is limited.
  • TenFourFox FPR8b1 available
    TenFourFox Feature Parity Release 8 beta 1 is now available (downloads, release notes, hashes). There is much less in this release than I wanted because of a family member in the hospital and several technical roadblocks. Of note, I've officially abandoned CSS grid again after an extensive testing period due to the fact that we would need substantial work to get a functional implementation, and a partially functional implementation is worse than none at all (in the latter case, we simply gracefully degrade into block-level divs). I also was not able to finish the HTML input date picker implementation, though I've managed to still get a fair amount completed of it, and I'll keep working on that for FPR9. The good news is, once the date picker is done, the time picker will use nearly exactly the same internal plumbing and can just be patterned off it in the same way. Unlike Firefox's implementation, as I've previously mentioned our version uses native OS X controls instead of XUL, which also makes it faster. That said, it is a ghastly hack on the Cocoa widget side and required some tricky programming on 10.4 which will be the subject of a later blog post.
  • GNU dbm 1.15
    GDBM tries to detect inconsistencies in input database files as early as possible. When an inconcistency is detected, a helpful diagnostics is returned and the database is marked as needing recovery. From this moment on, any GDBM function trying to access the database will immediately return error code (instead of eventually segfaulting as previous versions did). In order to reconstruct the database and return it to healthy state, the gdbm_recover function should be used.

Server: GNU/Linux Dominance in Supercomputers, Windows Dominance in Downtime

  • Five Supercomputers That Aren't Supercomputers
    A supercomputer, of course, isn't really a "computer." It's not one giant processor sitting atop an even larger motherboard. Instead, it's a network of thousands of computers tied together to form a single whole, dedicated to a singular set of tasks. They tend to be really fast, but according to the folks at the International Supercomputing Conference, speed is not a prerequisite for being a supercomputer. But speed does help them process tons of data quickly to help solve some of the world's most pressing problems. Summit, for example, is already booked for things such as cancer research; energy research, to model a fusion reactor and its magnetically confined plasma tohasten commercial development of fusion energy; and medical research using AI, centering around identifying patterns in the function and evolution of human proteins and cellular systems to increase understanding of Alzheimer’s, heart disease, or addiction, and to inform the drug discovery process.
  • Office 365 is suffering widespread borkage across Blighty
     

    Some users are complaining that O365 is "completely unusable" with others are reporting a noticeable slowdown, whinging that it's taking 30 minutes to send and receive emails.