Language Selection

English French German Italian Portuguese Spanish

Giving New Meaning to 'Spyware'

Filed under
Security

Supreme Court Justice Potter Stewart famously said that he couldn't define obscenity, but that he knew it when he saw it.

The same has long been the case with spyware. It's not easy to define, but most people know it when parasitic programs suck up resources on their computer and clog their browsers with pop-up ads.

Recognizing that one person's search toolbar is another's spyware, a coalition of consumer groups, ISPs and software companies announced on Tuesday that it has finally come up with a mutually agreeable definition for the internet plague.

Spyware impairs "users' control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information," according to the Anti-Spyware Coalition, which includes Microsoft, EarthLink, McAfee and Hewlett-Packard.

The group hopes the definitions will clear the way for anti-spyware legislation and help create a formal, centralized method for companies to dispute or change their software's classification.

"One of the biggest challenges we've had with spyware has been agreeing on what it is," said Ari Schwartz, associate director of the Center for Democracy and Technology, which has led the group's work. "The anti-spyware community needs a way to quickly and decisively categorize the new programs spawning at exponential rates across the internet."

The lack of standard definitions of spyware and adware has doomed federal and state legislation and hampered collaboration between anti-spyware forces.

In a colloquial sense, spyware is used to refer to a whole range of programs, including unwanted browser toolbars that come bundled with other downloads, surf-tracking software that generates pop-up ads, and software that tries to capture passwords and credit-card numbers.

Software companies like Claria, which distribute their pop-up advertising software by bundling it with free programs such as peer-to-peer software, adamantly deny their products are "spyware." They point out that users can usually find a definition of the programs' effects deep in the user agreement.

It is unclear what effect the new definitions will have on current anti-spyware programs, such as Lavasoft's Ad-Aware and Microsoft's free AntiSpyware tool.

Recently, Microsoft downgraded the default program action for Claria's software from "Remove" to "Ignore," which prompted widespread criticism.

Microsoft responded by saying that it had changed the handling of "Claria software in order to be fair and consistent with how Windows AntiSpyware (beta) handles similar software from other vendors."

Microsoft is in negotiations to buy venture-capital-backed Claria, according to The New York Times.

Ben Edelman, the country's foremost spyware researcher, questions whether the new definitions are simply there so that adware companies can find a way to get a stamp of approval for their software.

"From the perspective of users whose computers are infected, there is nothing hard about (defining spyware)," Edelman said. "If you have adware or spyware on your computer, you want it gone.

"Maybe the toolbar is Mother Theresa, but it's Mother Theresa sitting in your living room uninvited and you want her gone also," Edelman said. "You don't need a committee of 50 smart guys in D.C. sipping ice tea in order to decide that.

"The question is, what do you want to do with it? If you had a consensus of 100 computer-repair technicians or Bill Gates himself, what would they say to do?"

By Ryan Singel
Wired News

More in Tux Machines

Document Freedom Day 2017

  • Happy Document Freedom Day
    It is with great pleasure again that we are announcing Document Freedom Day celebration. As we mentioned we gave people 1 more month to prepare for the event and run it on Wednesday April 26th so it’s today! DFD is the international day to celebrate and raise awareness of Open Standards. Open Standards goes beyond essays and spreadsheets and covers all digital formats from artwork, sheet and recorded music, email, or statistics. They provide freedom from data lock-in and the subsequent supplier’s lock-in.
  • LibreOffice in The Matrix [m]

Why GPL Compliance Education Materials Should Be Free as in Freedom

I am honored to be a co-author and editor-in-chief of the most comprehensive, detailed, and complete guide on matters related to compliance of copyleft software licenses such as the GPL. This book, Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide (which we often call the Copyleft Guide for short) is 155 pages filled with useful material to help everyone understand copyleft licenses for software, how they work, and how to comply with them properly. It is the only document to fully incorporate esoteric material such as the FSF's famous GPLv3 rationale documents directly alongside practical advice, such as the pristine example, which is the only freely published compliance analysis of a real product on the market. The document explains in great detail how that product manufacturer made good choices to comply with the GPL. The reader learns by both real-world example as well as abstract explanation. However, the most important fact about the Copyleft Guide is not its useful and engaging content. More importantly, the license of this book gives freedom to its readers in the same way the license of the copylefted software does. Specifically, we chose the Creative Commons Attribution Share-Alike 4.0 license (CC BY-SA) for this work. We believe that not just software, but any generally useful technical information that teaches people should be freely sharable and modifiable by the general public. Read more

Android Leftovers

today's leftovers

  • MPV 0.25.0 Open-Source Video Player Supports DVB-T2, MacBook Pro's Touch Bar
    It's been more than two months since the MPlayer-based MPV open-source video player received an update, and the development team is proud to announce the immediate availability for download of MPV 0.25.0. MPV 0.25.0 is a major milestone and comes with significant changes, such as the fact that starting with this release, all future versions of the player will be tagged on the master branch. Also, this is the first release of MPV to drop support for Mac OS X 10.7 and earlier builds.
  • KDE Plasma 5.9.5 Is the Last in the Series, KDE Plasma 5.10 Is Coming End of May
    As expected, today KDE announced the availability of the fifth maintenance update to the current stable, yet short-lived KDE Plasma 5.9 desktop environment for GNU/Linux operating systems, versioned 5.9.5. KDE Plasma 5.9.5 is here more than a month after the release of the KDE Plasma 5.9.4 update, which most probably many of you use on your favorite GNU/Linux distributions. But the time has come to update your installations to KDE Plasma 5.9.5, the last point release in the series, adding more than 60 improvements across various components.
  • What was Linux like ten years ago?
    Linux has improved by leaps and bounds over the last decade, and more and more people have come to appreciate its power and flexibility. But a redditor recently wondered what it was like to run Linux ten years ago, and he got some very interesting responses from Linux veterans.
  • Highlights of YaST development sprint 33
    It has been a long time since our last status update! The reason is the end of the previous sprint caught quite some of the YaST Team members on vacations and, when the vacation period was over, we were so anxious to jump into development to make YaST another little bit better that the blog post somehow fell behind. But it’s time to pay our (reporting) debts. So these are some of the highlights of the 33th development sprint that finished on April 11th.
  • StackIQ announces support for SUSE Linux Enterprise Server, Raspberry Pi and NetApp Storage Arrays in major new release, Stacki 4.0
  • Red Hat repackages its application management tech into software containers
    A year after buying application connectivity startup 3scale Inc., Red Hat Inc. is making the technology that it obtained through the deal available in a new form geared toward tech-savvy firms. Unveiled on Thursday, Red Hat 3scale API Management – On Premise runs on the company’s OpenShift Container Platform and is designed to be deployed inside Docker instances. It’s an alternative to the original cloud version of 3scale for organizations that wish to keep their operations behind the firewall. The software should be particularly appealing to government agencies and firms in regulated industries, which often can’t move certain workloads off-premises due to security obligations.
  • Ubuntu 17.10 Daily Build Downloads Now Available
    Ubuntu 17.10 daily build images are available to download.
  • This Script Can Make GNOME Shell Look like Windows, Mac, or Unity
    GNOME Shell’s stock experience is fairly vanilla, but with the right ingredients you can give it an entirely different flavour. GNOME Layout Manager is a new script in development that takes advantage of this malleability.
  • 96Boards Officially Launches The HiKey 960 ARM Board
    The 96Boards organization has announced the official launch and shipping of the HiKey 960.