ASC Publishes Spyware Guide

Coalition defines terms, behaviors.

Like pornography, spyware has been something that most people cant define but know it when they see it. But no longer.

The Anti-Spyware Coalition, in Washington, has published a document that aims to define key terms and behaviors that characterize spyware. The list of uniform definitions is the first major contribution by the ASC, which was formed early this year and represents a collection of anti-spyware companies and consumer groups.

The list provides examples of "potentially unwanted technologies," a term the group prefers to spyware and is intended to give anti-spyware-software makers a uniform standard by which to evaluate software programs, said Ari Schwartz, associate director of the Center for Democracy and Technology, which heads the ASC.

"We want everybody working from the same book of definitions. The more common discussion there is about [spyware], the better decisions users can make in the marketplace," said David McGuire, communications director at the CDT.

Spyware and other potentially unwanted technologies are defined as programs that "impair users control over material changes that affect their user experience, privacy or system security," as written in an ASC statement.

The group also provided a list of types of potentially unwanted technologies, from keyloggers, Trojan horses and screen scrapers to cookies and other tracking programs used by online advertisers. Each type of program is defined according to the underlying technology and why the technology could be unwanted by the user. A glossary provides definitions of terms such as Trojan, port scanner, spyware and snoopware.

The ASC comprises representatives from various vendors and consumer groups, including the CDT. It tried to avoid labeling any program good or bad and focused on behaviors, Schwartz said. "We dont think technology itself is the problem. Its more about what these programs do to make them unwanted. The underlying technology is neither good nor bad," he said.

For example, root-kit programs lurk below the surface and avoid detection, which the ASC considers an unwanted behavior. "If a program is there, then someone should have meant it to be there, and it should be easy to identify," Schwartz said.

In addition, the ASC document provides software companies and anti-spyware-software developers with guidelines for resolving disagreements over whether a program is potentially unwanted technology.

While the definitions are meant to aid anti-spyware-software vendors and create consistency in how anti-spyware tools label and treat programs they detect, no vendor is compelled to adhere to the ASC definitions, Schwartz said. "Anti-spyware companies ultimately make the decisions," he said. "They all make good products, but they do things differently. Consumers will decide which [program] is best for them in the marketplace."

The ASC has released the definitions for public comment through Aug. 12 and is accepting feedback from everybody—including such companies as 180Solutions, Direct Revenue LLC, Claria Corp. and WhenU Inc., which have been accused of circulating spyware, Schwartz said. "Were interested in getting their comments," he said.