Kazaa Rates as Worst Pest on CAs Spyware List

CA has launched a list of the worst spyware threats as part of a new program to combat unwanted software "pests." At the top of that list: the peer-to-peer application Kazaa.

Computer Associates International Inc. has launched a list of the worst spyware threats as part of a new program to combat unwanted software "pests." At the top of that list: the peer-to-peer application Kazaa.

The company initiated its Spyware Information Center earlier this month with the launch of eTrust PestPatrol Anti-Spyware r5, enterprise-oriented software designed to tackle unwanted spyware, adware and trojans, a category of threats it calls "pests" to distinguish them from viruses and security vulnerabilities. But out of the entire category, the top threat is the Kazaa peer-to-peer application, which CA characterized as prone to degrading network performance, consuming vast amounts of storage and creating security issues.

The other top threats are Ezulas TopText reference tool, which installs ads on a users machine; Adopt.Hotbar.com, which tracks Web usage patterns; GameSpy Arcade, which installs adware; and Download Accelerator Plus, which carries out actions such as changing browser settings, displaying popunder ads and transmitting information to a Web site without the users permission. The most rapidly spreading pests were Gator/GAIN/Claria and Grokster.

Spyware, trojans and the like have become a serious nuisance for enterprises, sharing data on users Web surfing habits, displaying advertisements and even opening the way to remote attacks. Gartner has estimated that 80 to 90 percent of computers have some form of spyware on them.

The issue of labeling software as spyware has become controversial, with software vendors arguing that users tend to choose to install the applications, knowing the risks, in order to get a particular service. But Simon Perry, vice president of security strategy for CA, said users often dont understand the threats posed by many applications, and relatively innocuous terms such as "adware" dont get the message across.

"People at the moment dont really appreciate whats going on," he said. "People are worried about privacy, but they dont realize that these applications arent just passively serving ads, theyre tracking where you go." At the moment, the company uses the term "spyware" on its Web site because its a term that people are familiar with, although "pest" is a more accurate catch-all.

Kazaa comes bundled with adware, but it is mainly a threat because peer-to-peer applications are inherently dangerous, Perry said. "What were saying is, it presents a security risk because youre opening your machine and file structures to another 3.5 million peers," he said. The network can be used to spread malware such as viruses, he said. Of course, e-mail presents similar dangers, but these are well-enough understood that it wouldnt be useful to list as pests applications such as Microsoft Corp.s Outlook, he said.

Kazaa has a high "clot factor" of 50, a measurement of how many registry entries, files and directories an application adds. The higher the clot factor, the more difficult a pest is to remove. The highest clot factor in the top five is GameSpy Arcade, at 128.

Anti-spyware companies have taken different approaches to what they identify as an undesirable element. Earlier this month, for example, a deal between adware vendor WhenU and anti-spyware company Aluria Software raised red flags in the anti-spyware community.

As part of its "Spyware SAFE Certification Program," Aluria gave passing marks to WhenU, which historically has been characterized as spyware by many in the industry. In a separate development, Aluria said it now runs WhenUs UControl, a free desktop scanning program that removes unwanted spyware programs. Aluria responded to criticism by saying desktop advertising is a legitimate business if it is held to standards.

Earlier this week, researcher Eric Howes, a graduate student at the University of Illinois at Urbana-Champaign, found that the best-performing anti-spyware scanner failed to detect about 25 percent of the "critical" files and registry entries installed by the malicious programs.


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.