
    The Chaotic World of Defining Spyware

    Written by

    Ryan Naraine
    Published April 1, 2005

      Earlier this week, when anti-spyware vendor eTrust PestPatrol temporarily removed detections for eight adware applications marketed by Claria, the move caused many a raised eyebrow among anti-spyware advocates.

      PestPatrol said Friday it would relist all of the Claria Corp. applications on its threat database after a one-week Vendor Appeal Process, but the absence of a standard approach to defining the unwanted programs has plunged the industry into deep chaos and confusion.

      PestPatrol, which is marketed by Computer Associates International Inc., uses a strict, 21-point Spyware Scorecard to determine whether to flag a piece of software as a privacy or security threat.

      “We use a behavior-based list of criteria, and we make that list public. If your software meets any of the criteria, you’re classified as spyware in our database,” said Tori Case, director of security management at eTrust PestPatrol.

      That approach, Case argued, sets up a structure for a legitimate adware vendor with good intentions to “clean up their act” in an open, transparent way.

      In stark contrast to the PestPatrol approach, anti-spyware players such as Webroot Software Inc., Sunbelt Software and newcomer Microsoft Corp. deliberately avoid limiting or restricting the definition criteria.

      “The adware vendors want you to use strict definitions so they can play games and work around those lists. That’s why PestPatrol is having problems with delisting and relisting,” said Eric Howes, an anti-spyware advocate who provides consulting services for Sunbelt. “The minute you set up these definition lists, you are setting yourself up for cat-and-mouse games.”

      “A better approach is to define a set of objectionable practices. Many people want to focus on the quality and functionality of the software, but that doesn’t work because there’s a lot of deceptive intent [from adware vendors],” Howes said in an interview with eWEEK.com.

      “You have to focus on the business practices and outline a list of objectionable behavior. Yes, it can be subjective, but that’s the only way it works in the interest of the consumer,” Howes said.

      Paul Bryan, director of product management in Microsoft’s Security Business and Technology Unit, said the differing approaches, definitions and types of criteria are a problem that needs to be addressed.

      Bryan told eWEEK.com that key elements of any anti-spyware product are the approach and criteria used to determine whether a program should be added to the definition library for detection, and what classification would be appropriate.

      “Today, the industry uses different approaches, definitions and types of criteria for identifying and categorizing spyware and other potentially unwanted software, which limits the industry’s ability to have a broad, coordinated impact in addressing the problem,” Bryan said.

      Microsoft’s Windows AntiSpyware, which is currently in beta, will not use strict, publicly known definitions. According to a white paper outlining its approach, Microsoft will zero in on deceptive behaviors and the amount of control the user is given.

      “Unlike other forms of software, which tend to either be good or bad, spyware often exists in shades of gray. With the exception of malicious behaviors, many of the behaviors could have legitimate purposes,” according to the Microsoft document.

      The software giant said the Windows AntiSpyware product will sift through issues such as notice and consent about what is running on the user’s machine; control over the actions taken by the program while it is running on the machine; the way private data is collected and used without explicit consent; and the negative impact on the security of a PC.

      Microsoft’s criteria also address the general impact on performance, reliability and quality of the user’s computing experience. For example, if an adware program slows down PC performance or corrupts the operating system, it is likely to be flagged as a spyware threat.

      Microsoft’s white paper received a thumbs-up from researcher Eric Howes. “They are moving in the right direction. There are a few weaknesses here and there, and I’d like to see them provide some more details, but generally their approach is good.”

      Legal Threats


      Richard Stiennon, vice president of threat research at Webroot, said the latest brouhaha around spyware definitions is a direct result of an increase in legal threats against anti-spyware vendors and advocates.

      “The threat of litigation is a growing issue. The only reason PestPatrol would stop identifying a piece of adware as a threat is because the lawyers are sending them letters,” Stiennon said.

      Claria’s GAIN is listed high on Webroot’s top 10 spyware threats because, according to Stiennon, it falls under the three broad criteria used to determine threats.

      GAIN is described as an adware program that displays banner advertisements based on a user’s Web surfing habits. The application is usually bundled with numerous free software programs, including the Kazaa file-sharing program.

      Stiennon won’t discuss individual legal threats from adware companies, but he said the company was constantly receiving cease-and-desist letters from some of the biggest names in the behavioral marketing business.

      “The legal threats are constant. It’s becoming a drain on our resources, but that tells us we’re having an impact on dealing with spyware,” Stiennon said. “I don’t think PestPatrol should have backed down because that’s what the adware vendors want. They want to force the issue and avoid detection.”

      Ben Edelman, a Harvard University student who monitors the spyware scourge, has published a detailed list of threats and demands made by adware providers. The list includes actual lawsuits filed against anti-spyware vendors and legal complaints against bloggers and other spyware critics.

      Webroot’s Stiennon said his company uses very simple and straightforward definition criteria. “If the software displays ads, it’s adware. It’s that simple.”

      But even then, he said he agrees there are gray areas, especially when the ads are displayed with the application’s real estate. The free versions of the Opera browser and the Eudora e-mail client display advertising, but those aren’t classified as spyware.

      Webroot also looks closely for system monitors or keystroke loggers, programs that gather data about a user’s activity and transmit that data to unknown destinations. “These are the more dangerous threats because it can be used to steal passwords, credit card numbers and other sensitive data.”

      Webroot also flags behavior-tracking cookies that identify Web sites that users visit for the explicit purpose of serving targeted advertisements.

      PestPatrol’s Tori Case defended the company’s use of a rigid definition formula, which is revisited and updated to accommodate new threats.

      “We revisit the scorecard every 90 days to make modifications to reflect the changing nature of the spyware market. That’s how we address the issues of a company playing games. It’s a rapidly evolving world out there, and we have systems in place to deal with it,” Case said.

      She said the vast majority of vendor appeals do not result in big changes to the PestPatrol product, and even when detections are removed, old versions of the adware program are still detected and deleted.

      “We’re very committed to the approach we’ve taken with the scorecard. That’s not going to change anytime in the future,” Case added.

      Microsoft’s Bryan said he thinks the confusion points to the need for an industry body to kick-start dialogue. Such an initiative would take the place of COAST, the anti-spyware coalition that collapsed earlier this year amid a rash of acrimony and finger-pointing.

      The COAST group fell apart after several founding members objected to the decision to allow membership to 180solutions Inc., a Bellevue, Wash.-based search marketing company that uses questionable tactics to install ad-serving software on computers.

      PestPatrol, Webroot and Sunbelt all have echoed Microsoft’s call for a new coalition with clearly defined guidelines and objectives.

      “There is a crying need for information-sharing [among anti-spyware vendors],” Howes said. “The goal of a new coalition needs to be narrower and tightly defined.”

      PestPatrol’s Case said she agrees. “Hindsight is 20-20 for all of us. Some big mistakes were made in COAST that we can all learn from. Although there is a place for certification [of adware applications], it should not be within an anti-spyware group. We need to build a wall to avoid those conflict-of-interest issues.”
