Group Aims to Develop Guidelines to Define Spyware

Security vendors are having increasing difficulty defining and identifying spyware, and their indecision is slowing efforts to assist frustrated IT managers tasked with keeping employees' PCs clean.

Even as the menace grows, security vendors are having increasing difficulty defining and identifying spyware, and their indecision is slowing efforts to assist frustrated IT managers tasked with keeping employees' PCs clean.

But help could be on the way. Leading anti-spyware vendors are working with the nonprofit Center for Democracy and Technology to develop guidelines for defining spyware.

The ad hoc group, which has representatives from 10 leading anti-spyware companies, could release as early as next month a list of "dozens of criteria" that define spyware, said Richard Stiennon, vice president of threat research at Webroot Software Inc., in Boulder, Colo.

The effort to standardize spyware definitions is sorely needed, experts say.

A case in point is Computer Associates International Inc.'s decision last month to temporarily remove the ubiquitous Gator adware program from the spyware detected by its PestPatrol anti-spyware program.

CA, of Islandia, N.Y., was following company policy by temporarily delisting software from its spyware database while it considered an appeal from Gator's maker, Claria Corp., in Redwood City, Calif., but the move has incensed some spyware opponents.

Gator has since been put back on CA's spyware hit list, along with three other Claria products, eWallet, ScreenScenes and GotSmiley, that hadn't previously been deemed spyware. CA is changing its policy of delisting programs following vendor appeals, said Tori Case, director of eTrust Security Management at the company.

The disagreement between CA and Claria followed a similar incident weeks before, when anti-spyware vendor LavaSoft Inc. decided to delist Inc.'s Save adware program, claiming it didn't satisfy the company's criteria for adware.

"The term spyware is an accident," said Eric Howes, of the University of Illinois at Urbana-Champaign and an authority on spyware programs. "People assume that, because there's this term, there must be a tightly defined set of [spyware] software with narrowly defined characteristics, but there isn't."

Howes advocates the term "junkware" instead but said the real problem is with how spyware is defined, not with what it is called.

Currently, leading anti-spyware vendors each have their own criteria for labeling software "spyware" or "adware."

CA has a score card of 21 behaviors that qualify software as spyware, including such actions as installing or updating without the user's permission. Software that exhibits any one of the 21 behaviors gets listed, Case said.

Anti-spyware company Sunbelt Software Inc., which makes the CounterSpy product, has an even longer list of criteria that qualify software as a potentially unwanted program—a term that is gaining popularity in the industry. However, Sunbelt doesn't necessarily recommend that customers remove all the programs that meet its criteria, said Alex Eckelberry, CEO of Sunbelt, in Clearwater, Fla.

In the end, it will be customers, rather than vendors, that determine how hard a line anti-spyware vendors take on programs, experts agree.

"We have to be an advocate for our customers and make sure we're giving them what they want and giving them the protection they need," Case said.
