Feeds

Industry coalition takes stab at defining spyware

Grappling with semantics

  • alert
  • submit to reddit

SANS - Survey on application security programs

Technology companies have formed an alliance with public interest groups to tackle spyware. Membership of the Anti-Spyware Coalition (here) includes large software developers, anti-spyware companies and others. Current members include AOL, Computer Associates, EarthLink, HP, Lavasoft, McAfee, Microsoft, PC Tools, Symantec, Trend Micro, Yahoo!, UC Berkeley, the Business Software Alliance and the Cyber Security Industry Alliance.

ASC has ventured where angels fear to tread in drafting a definition for "spyware" (below), which it's offering up for public debate. Comments (to ASC not El Reg, thank you) are invited until 12 August after which ASC will formulate a "final definition" for spyware which it promises will incorporate the best recommendations for the public at large.

Spyware and other potentially unwanted technologies are those that "impair users' control over material changes that affect their user experience, privacy, or system security; use of their system resources, including what programs are installed on their computers; or collection, use, and distribution of their personal or otherwise sensitive information."

That's a bit of a mouthful but ASC hopes its definition will settle a few pub arguments and allow vendors to concentrate on weightier matters, such as fighting the growth of spyware. "One of the biggest challenges we've had with spyware has been agreeing on what it is," said Ari Schwartz, Associate Director of the Center for Democracy and Technology, which has led the work of the group. "The anti-spyware community needs a way to quickly and decisively categorize the new programs spawning at exponential rates across the Internet. The definitions will serve as a foundation for all future efforts to help users make more informed decisions about which programs to keep and which to delete."

To help consumers, the coalition has drafted an extensive glossary of terms like adware, port scanner, screen scraper, and others commonly associated with unwanted programs. If they get around to defining virus, worm, Trojan and root kit then we'd really be onto something.

The ASC has also outlined common procedures for dispute resolution for vendors who believe their software has been unfairly flagged by an anti-spyware company as part of its efforts to make the practices of anti-spyware companies more transparent.The organisation is also offering consumers tips on how to stay clear of spyware infestation here. ®

Related stories

Vendors exit anti-spyware group (COAST)
Anti-spyware group collapses
Adware firm 180solutions in image makeover
MS downgrades Claria adware detection
Judge bans company's deceptive anti-spyware claims
UK preps major security awareness campaign
US moves towards anti-spyware law

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.