Language Selection

English French German Italian Portuguese Spanish

Giving New Meaning to 'Spyware'

Filed under
Security

Supreme Court Justice Potter Stewart famously said that he couldn't define obscenity, but that he knew it when he saw it.

The same has long been the case with spyware. It's not easy to define, but most people know it when parasitic programs suck up resources on their computer and clog their browsers with pop-up ads.

Recognizing that one person's search toolbar is another's spyware, a coalition of consumer groups, ISPs and software companies announced on Tuesday that it has finally come up with a mutually agreeable definition for the internet plague.

Spyware impairs "users' control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information," according to the Anti-Spyware Coalition, which includes Microsoft, EarthLink, McAfee and Hewlett-Packard.

The group hopes the definitions will clear the way for anti-spyware legislation and help create a formal, centralized method for companies to dispute or change their software's classification.

"One of the biggest challenges we've had with spyware has been agreeing on what it is," said Ari Schwartz, associate director of the Center for Democracy and Technology, which has led the group's work. "The anti-spyware community needs a way to quickly and decisively categorize the new programs spawning at exponential rates across the internet."

The lack of standard definitions of spyware and adware has doomed federal and state legislation and hampered collaboration between anti-spyware forces.

In a colloquial sense, spyware is used to refer to a whole range of programs, including unwanted browser toolbars that come bundled with other downloads, surf-tracking software that generates pop-up ads, and software that tries to capture passwords and credit-card numbers.

Software companies like Claria, which distribute their pop-up advertising software by bundling it with free programs such as peer-to-peer software, adamantly deny their products are "spyware." They point out that users can usually find a definition of the programs' effects deep in the user agreement.

It is unclear what effect the new definitions will have on current anti-spyware programs, such as Lavasoft's Ad-Aware and Microsoft's free AntiSpyware tool.

Recently, Microsoft downgraded the default program action for Claria's software from "Remove" to "Ignore," which prompted widespread criticism.

Microsoft responded by saying that it had changed the handling of "Claria software in order to be fair and consistent with how Windows AntiSpyware (beta) handles similar software from other vendors."

Microsoft is in negotiations to buy venture-capital-backed Claria, according to The New York Times.

Ben Edelman, the country's foremost spyware researcher, questions whether the new definitions are simply there so that adware companies can find a way to get a stamp of approval for their software.

"From the perspective of users whose computers are infected, there is nothing hard about (defining spyware)," Edelman said. "If you have adware or spyware on your computer, you want it gone.

"Maybe the toolbar is Mother Theresa, but it's Mother Theresa sitting in your living room uninvited and you want her gone also," Edelman said. "You don't need a committee of 50 smart guys in D.C. sipping ice tea in order to decide that.

"The question is, what do you want to do with it? If you had a consensus of 100 computer-repair technicians or Bill Gates himself, what would they say to do?"

By Ryan Singel
Wired News

More in Tux Machines

Security: Google, Vulnerabilities Equities Process (VEP), Quad9 and More

  • Google investigators find hackers swipe nearly 250,000 passwords a week
    Hackers are constantly trying to break into Google accounts, so Google researchers spent a year tracing how hackers steal passwords and expose them on the internet's black market. To gather hard evidence about the tools hackers use to swipe passwords, Google collaborated with University of California Berkeley cybersecurity experts to track activity on some of these markets. On Thursday, they published their results.
  • Time Will Tell if the New Vulnerabilities Equities Process Is a Step Forward for Transparency
    The White House has released a new and apparently improved Vulnerabilities Equities Process (VEP), showing signs that there will be more transparency into the government’s knowledge and use of zero day vulnerabilities. In recent years, the U.S. intelligence community has faced questions about whether it “stockpiles” vulnerabilities rather than disclosing them to affected companies or organizations, and this scrutiny has only ramped up after groups like the Shadow Brokers have leaked powerful government exploits. According to White House Cybersecurity Coordinator Rob Joyce, the form of yesterday’s release and the revised policy itself are intended to highlight the government’s commitment to transparency because it’s “the right thing to do.”
  • Security updates for Friday
  • Quad9 Secure DNS Service Embeds IBM Security Intelligence
  • New “Quad9” DNS service blocks malicious domains for everyone
    The Global Cyber Alliance (GCA)—an organization founded by law enforcement and research organizations to help reduce cyber-crime—has partnered with IBM and Packet Clearing House to launch a free public Domain Name Service system. That system is intended to block domains associated with botnets, phishing attacks, and other malicious Internet hosts—primarily targeted at organizations that don't run their own DNS blacklisting and whitelisting services. Called Quad9 (after the 9.9.9.9 Internet Protocol address the service has obtained), the service works like any other public DNS server (such as Google's), except that it won't return name resolutions for sites that are identified via threat feeds the service aggregates daily.
  • The Internet of Shit is so manifestly insecure that people are staying away from it in droves
  • Security updates for Thursday
  • [Ubuntu] Security Team Weekly Summary: November 16, 2017
  • Hacking Blockchain with Smart Contracts to Control a Botnet
    Blockchain has been hailed by some in the technology industry as a potential method to help improve cyber security. However, security researcher Majid Malaika warns that Blockchain can potentially be abused to enable a new form of botnet that would be very difficult to take down. Malaika detailed his Blockchain-powered botnet in a session at the SecTor security conference on Nov. 15. The overall attack method has been dubbed "Botract" by Malaika, as it abuses inherent functionality in the smart contracts that help to enable Blockchain.
  • What Can The Philosophy of Unix Teach Us About Security?

Graphics: AMD and NVIDIA

  • R600 Gallium3D Shader Image Support Lands, Other R600g Patches Pending
    As a follow-up to OpenGL 4.2 Support Could Soon Land For AMD Cayman GPUs On R600g, the patches have landed in Mesa 17.4-dev Git! Plus other R600g patches are on the mailing list for review. These shader image support patches for R600g expose OpenGL's ARB_shader_image_size and ARB_shader_image_load_store for Radeon HD 5000/6000 series. In the process, this ends up taking Radeon HD 6900 "Cayman" GPUs to having OpenGL 4.2 compliance from 4.1 with the shader image support having been the last blocker. Other GPUs on R600g remain at OpenGL 3.3 due to lacking FP64 support, as outlined more extensively in that previous article.
  • GeForce GTX 900 Series Re-Clocking Patches Updated By Karol Herbst
    Frequent Nouveau open-source NVIDIA driver contributor Karol Herbst has posted his latest patch series in working towards GeForce GTX 900 "Maxwell 2" graphics processor re-clocking.
  • 25 More AMDGPU DC Patches, Mostly Focused On Raven DCN
    DCN in this context is for current the DCN 1.0 Raven Ridge family of display engines. The just-launched Vega+Zen APUs feature a new display engine and that's what this DCN code is for, which is also under a separate Kconfig tunable from the rest of AMDGPU DC.

Development of Linux 4.15

  • Broadcom Hurricane 2 & Allwinner R40 Supported By Linux 4.15
    More ARM platform upstreaming has taken place for the Linux 4.15 kernel development cycle among other ARM hardware improvements.
  • Intel Coffee Lake & Cannonlake Thermal Support In Linux 4.15
    While Intel Coffee Lake hardware is shipping already, a few bits of tardy kernel code for these "8th Gen Core" CPUs is only hitting the Linux 4.15 kernel. The Intel DRM driver is most notably enabling Coffee Lake graphics by default in 4.15, but there's also some thermal code now landing among other changes now happening. Zhang Rui sent in the thermal updates for Linux 4.15 on Thursday and they include late additions for Coffee Lake but at the same time the relevant additions for Cannonlake that will be shipping in 2018 as the next-gen Intel CPUs.
  • AMDGPU DC Pull Request Submitted For Linux 4.15 Kernel - 132,395 Lines Of Code
    One day after submitting the main DRM feature pull request for Linux 4.15, David Airlie of Red Hat has submitted the secondary pull request that would feature the long-awaited introduction of AMDGPU DC into the mainline kernel.

Tizen News: Knox, YouTube, Financial Apps