Security threats Toolkit

Anti-Spyware Coalition to define terms

Tags:
Adware,
Spyware

Joris Evers ZDNet.co.uk

Published: 03 Jun 2005 13:45 BST

Anti-spyware software makers are taking another shot at creating a definition of spyware, this time with help from consumer organizations.

A new group, tentatively named the Anti-Spyware Coalition, plans to publish proposed guidelines later this summer that define spyware, best practices for desktop software development, and a common lexicon, people involved with the group told ZDNet UK's sister site CNET News.com.

Debate has gone on for years over spyware and adware, with manufacturers defending some of these applications as legitimate marketing tools. The terms are slippery, frequently used to apply both to the information-thieving software and the often-annoying advertising tools bundled with free software programs.

For ZDNet UK's glossary of spyware terms and to find the latest spyware removal tools, see our Spyware special report.

Both spyware and adware can impact PC performance. They are often surreptitiously installed on computers to gather information about people that is used for advertising or provided to other interested parties. The market for tools to remove the unwanted software is booming.

If the new coalition succeeds, its work could clear up confusion over spyware and adware. Also, the group's work could help software makers and legitimate advertisers improve their products.

While specific examples of legitimate and illegitimate behavior aren't hard to pinpoint, identifying clear categories has proved difficult. "The key benefit is getting a handle on the nature of the problem, (getting) industrywide acceptance on what is accepted and what is not," Fewer said.

In an example of why standard definitions are needed, Computer Associates International earlier this year temporarily removed the Gator adware program from the spyware detected by its PestPatrol program. It has since been put back on CA's list of spyware, and the company has changed the way it deals with appeals from spyware makers.

Drafts of the coalition's guidelines are finished and should be published by the end of the summer, when they will be open to public comments, said Ari Schwartz, an associate director at the Center for Democracy and Technology.

The Anti-Spyware Coalition counts software makers, online businesses and security providers among its members. Watchdog groups are taking part too, but they have an associate role.

The Anti-Spyware Coalition is still in its formative stages, with all the parties involved meeting for the first time last week at the CDT offices, Schwartz said. There is commitment to form the coalition, but the group's name has not been formally announced yet, he said. The CDT, a Washington-based public advocacy group, is running the coalition.

Ultimately, according to Fewer, judging whether software is spyware comes down to three components: notice, consent and control. During installation of an application, it should be clear to the user what the tool does. The user should also have to give permission for installation and should be able to remove the application. In many cases, spyware and adware don't meet those basic rules, Fewer said.

The lack of a common approach to defining the unwanted programs has resulted in the anti-spyware tools that flag perceived threats in different ways. Sometimes one anti-spyware tool will identify an application as spyware or adware, while another won't.

"There is much confusion over what spyware is and what it is not. And it starts with the fact that there is no definition," said Tori Case, director of security management at CA.

"What one person calls spyware, another calls adware, another calls surveillance software and yet another says it is not anything. That has