Language Selection

English French German Italian Portuguese Spanish

Little Agreement on Spyware Guidelines

Filed under
Security

Many anti-spyware programs scour computer hard drives for those data-tracking files called cookies that we often get from Web visits. Microsoft Corp.'s tool does not. And there are disputes aplenty about whether certain widely used advertising programs circulating on the Internet are clean of spyware.

No surprise, then, that there's little agreement on what should be considered spyware, and what adware is exactly. Or on whether adware, which delivers ads, is a form of spyware or a breed apart.

Consumers are confounded. Is their computer-cleaning overzealous or not thorough enough? Are they removing useful programs with the dreck?

No less vexed are makers of anti-spyware software. They're beset by legal headaches, constantly challenged for what their products define and target as malware.

"It certainly distracts us from the job at hand," said David Moll, chief executive of Webroot Software Inc.

Help may be on the way. Led by the tech-advocacy group Center for Democracy and Technology, the anti-spyware industry is crafting definitions and plans to eventually set up dispute-resolution procedures. A draft is expected by late summer.

"A definition is the foundation," said Ari Schwartz, the center's associate director. "If a consumer's going to make a decision in the marketplace about what they have and what software they are going to use, it's helpful to have a basis to do that on."

Similar efforts, however, have failed before.

Part of the challenge stems from how the term "spyware" evolved.

"It started out as being called spyware because a lot of it was spying on people and sending personal information," said Dave Methvin, chief technology officer with tech diagnostic site PC Pitstop. "It's a catchy, quick word that is always easy for people to understand and say."

But the term stuck even as some of these programs, in response to consumer complaints, began sending back less data and became less sneaky.

In some people's minds, spyware came to include programs that change Web browser settings without asking or trick users into racking up huge phone bills by making the equivalent of "900" calls to foreign porn sites.

"`Spyware' has sort of become the euphemism for any software I don't want," said Wayne Porter, co-founder of SpywareGuide.com.

The result is chaos.

Microsoft, for instance, chose not to scan cookies because many sites need them to remember passwords and otherwise customize a surfer's experience. Cory Treffiletti of the online ad agency Carat Interactive says cookies help sites identify repeat visitors so the same ads aren't shown over and over.

But other spyware hunters flag cookies on the grounds that they help advertisers track behavior. EarthLink Inc.'s Scott Mecredy says anti-spyware programs have gotten sophisticated enough to distinguish good cookies from bad.

Then there's the question of whether "spyware" includes adware.

Claria Corp., formerly known as Gator Corp., has sued several anti-spyware companies and Web sites for calling its advertising software "spyware." PC Pitstop rewrote some of its materials as part of a settlement.

Even "adware" isn't good enough for some.

Joseph Telafici, director of operations for McAfee Inc.'s security research unit, says the company now gets one or two complaints a week, compared with two or three per quarter last year from companies whose programs it has dubbed spyware or adware.

McAfee is in the process of assigning a full-time lawyer.

Symantec Corp. sought to pre-empt a lawsuit by filing one itself, asking a federal court to declare that it had the right to call Hotbot.com Inc.'s toolbar adware. Hotbot did not respond to requests for comment.

Symantec still faces a lawsuit by Trekeight LLC, whose product Symantec brands adware.

Though it has yet to sue, 180solutions Inc. takes issue with "adware," preferring "searchware" or "sponsorware." "Adware" has become too linked with bad actors, and the industry needs more differentiation, said its chief executive, Keith Smith. Most anti-spyware vendors, however, still put 180solutions in that category.

Aluria Software LLC says one company, WhenU.com Inc., has changed its practices enough that it is now spyware- and adware-safe.

But America Online Inc., though it uses Aluria's technology, prefers a different test: What its users think.

AOL found that users overwhelmingly choose to rid their computers of WhenU's SaveNow application when anti-spyware scans uncover it, so AOL continues to list as adware.

Adding to the confusion is the fact that many legitimate programs -- including Microsoft Corp.'s Windows operating system and Web browser -- send out data without making the user fully aware, one of the common attributes of spyware.

And many programs that spy do have legitimate functions -- people may run a keystroke recorder to monitor spouses whom they suspect of cheating. Or they may willingly accept adware in exchange for a free game or screensaver.

Anti-spyware software companies say they leave removal decisions to customers, though many users simply follow their recommendations, failing to distinguish the mild from the malicious.

"If an anti-spyware company recommends that the software (gets) blocked, consumers will typically block it," said Keith Smith, chief executive of 180solutions. "It doesn't matter how good an experience they have with it."

Alex St. John, chief executive of WildTangent Inc., says anti-spyware companies have an incentive to overlist programs: It makes their products appear effective. Better definitions, he said, would help clear his company's game-delivery product.

"We want to do anything under our power to be clearly defined as a legitimate, upright consumer company," he said. "We would love to have something to adhere to."

Guidelines could give anti-spyware vendors a better defense.

For consumers, said Tori Case of Computer Associates International Inc., "if we start using the correct terminology, we can demystify it a bit and help people understand what the real risks are."

By ANICK JESDANUN
Associated Press

More in Tux Machines

July 2016 issue of The PCLinuxOS Magazine released

The PCLinuxOS Magazine staff is pleased to announce the release of the July 2016 issue. With the exception of a brief period in 2009, The PCLinuxOS Magazine has been published on a monthly basis since September, 2006. The PCLinuxOS Magazine is a product of the PCLinuxOS community, published by volunteers from the community. The magazine is lead by Paul Arnote, Chief Editor, and Assistant Editor Meemaw. The PCLinuxOS Magazine is released under the Creative Commons Attribution- NonCommercial-Share-Alike 3.0 Unported license, and some rights are reserved. In the July 2016 issue: * Seven Years Later: A Look Back * Installing A Seeburg 1000 On PCLinuxOS * ms_meme's Nook: Anytime * PCLinuxOS Family Member Spotlight: tuxlink * GIMP Tutorial: Engraved Text * Game Zone: Funklift * PCLinuxOS Recipe Corner * Tip Top Tips: A Simple HTTP Server * PCLinuxOS Puzzled Partitions * And much more inside! This month’s magazine cover image was designed by Meemaw. Download the PDF (8.3 MB) http://pclosmag.com/download.php?f=2016-07.pdf Download the EPUB Version (6.6 MB) http://pclosmag.com/download.php?f=201607epub.epub Download the MOBI Version (7.6 MB) http://pclosmag.com/download.php?f=201607mobi.mobi Visit the HTML Version http://pclosmag.com/html/enter.html

4MLinux 18.0 Distro Released with Support for LibreOffice 5.2, Thunderbird 45.1

4MLinux developer Zbigniew Konojacki has just informed Softpedia today, July 1, 2016, about the immediate availability for download of the final release of the 4MLinux 18.0 operating system. Read more

GNU/Linux Leftovers

  • Not Love
    I had seen GNU/Linux once before in my life. At a previous school, the husband of one of the teachers installed it on a PC in my presence. He couldn’t get it working…. Still, I read that GNU/Linux did not crash. I needed that. I was willing to make the effort to download and install GNU/Linux if I could have only that. Our Internet connection was a few KB/s on dial-up… I spent two weekends and five evenings downloading an .iso CD-image with FileZilla or something on a Mac in the lab. I had never burned a CD before but tried once copying the file to the CD. That wouldn’t boot. I discovered CD imaging… So, on the second try, I had a CD that would boot on the machines. I first did one machine and it wouldn’t start X. Having never seen X before, this was a problem but it turned out all I needed was the scanning frequencies for the CRT in a configuration file. Google helped me find those for each of my five different kinds of monitors. Suddenly, the PCs were useful with GNU/Linux.
  • Linux Under the Hood: Silence of the RAM
    Now that I see the events of the last week chronicled clearly in front of my very eyes, maybe the disparaging old junk man was right after all. I’m shameless enough to admit my own idiocy as long as it leads to learning from my mistakes. Maybe Linux isn’t rocket science, but installing RAM was sure beginning to feel like it.
  • Check out our new issue plus win an ebook bundle!
  • 30 days in a terminal: Day 10 — The experiment is over
    When I set out to spend 30 days living entirely in a Linux terminal, I knew there was a distinct possibility I would fail utterly. I mean, 30 days? No GUI software? No Xorg? Just describing it sounds like torture. And torture it was. Mostly. Some moments, though, were pretty damned amazing. Not amazing enough to help me reach my 30-day goal, mind you. I fell short—only making it to day 10.
  • Bad Voltage Episode 70 Has Been Released: Delicious Amorphous Tech Bubble
  • Tokyo: Automotive Linux Summit
    Engineers will gather in Tokyo July 13-14 for the annual Automotive Linux Summit, a conference where auto-industry stakeholders discuss the adoption of an open-source Linux-based platform for in-vehicle infotainment. The two-day summit brings together automotive systems engineers, Linux experts, developers and other players.
  • Oxenfree, an adventure game with supernatural elements, available on Linux
    This well-received indie title has been ported over to Linux. Combining plenty of elements of 80s teen movies and packaging them in a polished adventure, Oxenfree may be worth checking out if you’re a fan of adventure games.
  • Space station management game, The Spatials: Galactology, is confirmed to be coming for Linux
    This is an expanded and reimagined version of the management sim, The Spatials. It’s yet to be released but the developers have confirmed that a Linux version is in the works.
  • Red Hat Storage VP sees different uses for Ceph, Gluster
    Red Hat Storage showed off updates to its Ceph and Gluster software and laid out its strategy for working with containers at this week’s Red Hat Summit in San Francisco.

Leftovers: Ubuntu and Debian