Legal Threats

By Ryan Naraine  |  Posted 2005-04-01 Print this article Print

Richard Stiennon, vice president of threat research at Webroot, said the latest brouhaha around spyware definitions is a direct result of an increase in legal threats against anti-spyware vendors and advocates.

"The threat of litigation is a growing issue. The only reason PestPatrol would stop identifying a piece of adware as a threat is because the lawyers are sending them letters," Stiennon said.

Clarias GAIN is listed high on Webroots top 10 spyware threats because, according to Stiennon, it falls under the three broad criteria used to determine threats.

GAIN is described as an adware program that displays banner advertisements based on a users Web surfing habits. The application is usually bundled with numerous free software programs, including the Kazaa file-sharing program.

Stiennon wont discuss individual legal threats from adware companies, but he said the company was constantly receiving cease-and-desist letters from some of the biggest names in the behavioral marketing business.

"The legal threats are constant. Its becoming a drain on our resources, but that tells us were having an impact on dealing with spyware," Stiennon said. "I dont think PestPatrol should have backed down because thats what the adware vendors want. They want to force the issue and avoid detection."

Ben Edelman, a Harvard University student who monitors the spyware scourge, has published a detailed list of threats and demands made by adware providers. The list includes actual lawsuits filed against anti-spyware vendors and legal complaints against bloggers and other spyware critics.

Webroots Stiennon said his company uses very simple and straightforward definition criteria. "If the software displays ads, its adware. Its that simple."

But even then, he said he agrees there are gray areas, especially when the ads are displayed with the applications real estate. The free versions of the Opera browser and the Eudora e-mail client display advertising, but those arent classified as spyware.

Webroot also looks closely for system monitors or keystroke loggers, programs that gather data about a users activity and transmit that data to unknown destinations. "These are the more dangerous threats because it can be used to steal passwords, credit card numbers and other sensitive data."

Webroot also flags behavior-tracking cookies that identify Web sites that users visit for the explicit purpose of serving targeted advertisements.

Spyware has snagged Blogger users. Click here to read more. PestPatrols Tori Case defended the companys use of a rigid definition formula, which is revisited and updated to accommodate new threats.

"We revisit the scorecard every 90 days to make modifications to reflect the changing nature of the spyware market. Thats how we address the issues of a company playing games. Its a rapidly evolving world out there, and we have systems in place to deal with it," Case said.

She said the vast majority of vendor appeals do not result in big changes to the PestPatrol product, and even when detections are removed, old versions of the adware program are still detected and deleted.

"Were very committed to the approach weve taken with the scorecard. Thats not going to change anytime in the future," Case added.

Microsofts Bryan said he thinks the confusion points to the need for an industry body to kick-start dialogue. Such an initiative would take the place of COAST, the anti-spyware coalition that collapsed earlier this year amid a rash of acrimony and finger-pointing. The COAST group fell apart after several founding members objected to the decision to allow membership to 180solutions Inc., a Bellevue, Wash.-based search marketing company that uses questionable tactics to install ad-serving software on computers.

PestPatrol, Webroot and Sunbelt all have echoed Microsofts call for a new coalition with clearly defined guidelines and objectives.

"There is a crying need for information-sharing [among anti-spyware vendors]," Howes said. "The goal of a new coalition needs to be narrower and tightly defined."

PestPatrols Case said she agrees. "Hindsight is 20-20 for all of us. Some big mistakes were made in COAST that we can all learn from. Although there is a place for certification [of adware applications], it should not be within an anti-spyware group. We need to build a wall to avoid those conflict-of-interest issues."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel