Language Selection

English French German Italian Portuguese Spanish

Giving New Meaning to 'Spyware'

Filed under
Security

Supreme Court Justice Potter Stewart famously said that he couldn't define obscenity, but that he knew it when he saw it.

The same has long been the case with spyware. It's not easy to define, but most people know it when parasitic programs suck up resources on their computer and clog their browsers with pop-up ads.

Recognizing that one person's search toolbar is another's spyware, a coalition of consumer groups, ISPs and software companies announced on Tuesday that it has finally come up with a mutually agreeable definition for the internet plague.

Spyware impairs "users' control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information," according to the Anti-Spyware Coalition, which includes Microsoft, EarthLink, McAfee and Hewlett-Packard.

The group hopes the definitions will clear the way for anti-spyware legislation and help create a formal, centralized method for companies to dispute or change their software's classification.

"One of the biggest challenges we've had with spyware has been agreeing on what it is," said Ari Schwartz, associate director of the Center for Democracy and Technology, which has led the group's work. "The anti-spyware community needs a way to quickly and decisively categorize the new programs spawning at exponential rates across the internet."

The lack of standard definitions of spyware and adware has doomed federal and state legislation and hampered collaboration between anti-spyware forces.

In a colloquial sense, spyware is used to refer to a whole range of programs, including unwanted browser toolbars that come bundled with other downloads, surf-tracking software that generates pop-up ads, and software that tries to capture passwords and credit-card numbers.

Software companies like Claria, which distribute their pop-up advertising software by bundling it with free programs such as peer-to-peer software, adamantly deny their products are "spyware." They point out that users can usually find a definition of the programs' effects deep in the user agreement.

It is unclear what effect the new definitions will have on current anti-spyware programs, such as Lavasoft's Ad-Aware and Microsoft's free AntiSpyware tool.

Recently, Microsoft downgraded the default program action for Claria's software from "Remove" to "Ignore," which prompted widespread criticism.

Microsoft responded by saying that it had changed the handling of "Claria software in order to be fair and consistent with how Windows AntiSpyware (beta) handles similar software from other vendors."

Microsoft is in negotiations to buy venture-capital-backed Claria, according to The New York Times.

Ben Edelman, the country's foremost spyware researcher, questions whether the new definitions are simply there so that adware companies can find a way to get a stamp of approval for their software.

"From the perspective of users whose computers are infected, there is nothing hard about (defining spyware)," Edelman said. "If you have adware or spyware on your computer, you want it gone.

"Maybe the toolbar is Mother Theresa, but it's Mother Theresa sitting in your living room uninvited and you want her gone also," Edelman said. "You don't need a committee of 50 smart guys in D.C. sipping ice tea in order to decide that.

"The question is, what do you want to do with it? If you had a consensus of 100 computer-repair technicians or Bill Gates himself, what would they say to do?"

By Ryan Singel
Wired News

More in Tux Machines

Linux and FOSS Events

  • Debian SunCamp 2017 Is Taking Place May 18-21 in the Province of Girona, Spain
    It looks like last year's Debian SunCamp event for Debian developers was a total success and Martín Ferrari is back with a new proposal that should take place later this spring during four days full of hacking, socializing, and fun. That's right, we're talking about Debian SunCamp 2017, an event any Debian developer, contributor, or user can attend to meet his or hers Debian buddies, hack together on new projects or improve existing ones by sharing their knowledge, plan upcoming features and discuss ideas for the Debian GNU/Linux operating system.
  • Pieter Hintjens In Memoriam
    Pieter Hintjens was a writer, programmer and thinker who has spent decades building large software systems and on-line communities, which he describes as "Living Systems". He was an expert in distributed computing, having written over 30 protocols and distributed software systems. He designed AMQP in 2004, and founded the ZeroMQ free software project in 2007. He was the author of the O'Reilly ZeroMQ book, "Culture and Empire", "The Psychopath Code", "Social Architecture", and "Confessions of a Necromancer". He was the president of the Foundation for a Free Information Infrastructure (FFII), and fought the software patent directive and the standardisation of the Microsoft OOXML Office format. He also organized the Internet of Things (IOT) Devroom here at FOSDEM for the last 3 years. In April 2016 he was diagnosed with terminal metastasis of a previous cancer.
  • foss-gbg on Wednesday
    The topics are Yocto Linux on FPGA-based hardware, risk and license management in open source projects and a product release by the local start-up Zifra (an encryptable SD-card). More information and free tickets are available at the foss-gbg site.

Leftovers: OSS

  • When Open Source Meets the Enterprise
    Open source solutions have long been an option for the enterprise, but lately it seems they are becoming more of a necessity for advanced data operations than merely a luxury for IT techs who like to play with code. While it’s true that open platforms tend to provide a broader feature set compared to their proprietary brethren, due to their larger and more diverse development communities, this often comes at the cost of increased operational complexity. At a time when most enterprises are looking to shed their responsibilities for infrastructure and architecture to focus instead on core money-making services, open source requires a fairly high level of in-house technical skill. But as data environments become more distributed and reliant upon increasingly complex compilations of third-party systems, open source can provide at least a base layer of commonality for resources that support a given distribution.
  • EngineerBetter CTO: the logical truth about software 'packaging'
    Technologies such as Docker have blended these responsibilities, causing developers to need to care about what operating system and native libraries are available to their applications – after years of the industry striving for more abstraction and increased decoupling!
  • What will we do when everything is automated?
    Just translate the term "productivity of American factories" into the word "automation" and you get the picture. Other workers are not taking jobs away from the gainfully employed, machines are. This is not a new trend. It's been going on since before Eli Whitney invented the cotton gin. Industry creates machines that do the work of humans faster, cheaper, with more accuracy and with less failure. That's the nature of industry—nothing new here. However, what is new is the rate by which the displacement of human beings from the workforce in happening.
  • Want OpenStack benefits? Put your private cloud plan in place first
    The open source software promises hard-to-come-by cloud standards and no vendor lock-in, says Forrester's Lauren Nelson. But there's more to consider -- including containers.
  • Set the Agenda at OpenStack Summit Boston
    The next OpenStack Summit is just three months away now, and as is their custom, the organizers have once again invited you–the OpenStack Community–to vote on which presentations will and will not be featured at the event.
  • What’s new in the world of OpenStack Ambassadors
    Ambassadors act as liaisons between multiple User Groups, the Foundation and the community in their regions. Launched in 2013, the OpenStack Ambassador program aims to create a framework of community leaders to sustainably expand the reach of OpenStack around the world.
  • Boston summit preview, Ambassador program updates, and more OpenStack news

Proprietary Traps and Openwashing

  • Integrate ONLYOFFICE Online Editors with ownCloud [Ed: Proprietary software latches onto FOSS]
    ONLYOFFICE editors and ownCloud is the match made in heaven, wrote once one of our users. Inspired by this idea, we developed an integration app for you to use our online editors in ownCloud web interface.
  • Microsoft India projects itself as open source champion, says AI is the next step [Ed: Microsoft bribes to sabotage FOSS and blackmails it with patents; calls itself "open source"]
  • Open Source WSO2 IoT Server Advances Integration and Analytic Capabilities
    WSO2 has announced a new, fully-open-source WSO2 Internet of Things Server edition that "lowers the barriers to delivering enterprise-grad IoT and mobile solutions."
  • SAP license fees are due even for indirect users, court says
    SAP's named-user licensing fees apply even to related applications that only offer users indirect visibility of SAP data, a U.K. judge ruled Thursday in a case pitting SAP against Diageo, the alcoholic beverage giant behind Smirnoff vodka and Guinness beer. The consequences could be far-reaching for businesses that have integrated their customer-facing systems with an SAP database, potentially leaving them liable for license fees for every customer that accesses their online store. "If any SAP systems are being indirectly triggered, even if incidentally, and from anywhere in the world, then there are uncategorized and unpriced costs stacking up in the background," warned Robin Fry, a director at software licensing consultancy Cerno Professional Services, who has been following the case.
  • “Active Hours” in Windows 10 emphasizes how you are not in control of your own devices
    No edition of Windows 10, except Professional and Enterprise, is expected to function for more than 12 hours of the day. Microsoft most generously lets you set a block of 12 hours where you’re in control of the system, and will reserve the remaining 12 hours for it’s own purposes. How come we’re all fine with this? Windows 10 introduced the concept of “Active Hours”, a period of up to 12 hours when you expect to use the device, meant to reflect your work hours. The settings for changing the device’s active hours is hidden away among Windows Update settings, and it poorly fits with today’s lifestyles. Say you use your PC in the afternoon and into the late evening during the work week, but use it from morning to early afternoon in the weekends. You can’t fit all those hours nor accommodate home office hours in a period of just 12 hours. We’re always connected, and expect our devices to always be there for us when we need them.
  • Chrome 57 Will Permanently Enable DRM
    The next stable version of Chrome (Chrome 57) will not allow users to disable the Widevine DRM plugin anymore, therefore making it an always-on, permanent feature of Chrome. The new version of Chrome will also eliminate the “chrome://plugins” internal URL, which means if you want to disable Flash, you’ll have to do it from the Settings page.

Linux Mint 18.1 Serena - The glass is half full

Linux Mint 18.1 Serena is an okay distro. It has more merit than Sarah, but then, it's also had almost a year to work on polishing some of the issues, and while a few have been ironed out, big quality issues that were never the domain of Mint before still persist. The live session experience is underwhelming, the default theme is not vibrant enough and can lead to ocular exhaustion quickly, there were problems with stability, multimedia playback, and the promise of Spotify never came to be. On the other hand, most of the stuff works out of the box, the repos are rich, the distro can be tamed relatively easily, and at the end of the day, you have a supported, popular system full of goodies and shiny colors with only a slight aftertaste of betrayal in your proverbial mouth. Good, but only if you've just started playing around with Linux. This distro has no flair. It doesn't have the magic and fire of yore. No fire, no nothing. It's not super green. And it must pop pop pop. So I guess, grade wise, 6.5/10 or some such. All in all, 'tis Linux Mint all right, but not the best offering by a long shot. Read more Also: Linux Mint 18.2 Features – What’s Ahead In the Next Release