Language Selection

English French German Italian Portuguese Spanish

Giving New Meaning to 'Spyware'

Filed under
Security

Supreme Court Justice Potter Stewart famously said that he couldn't define obscenity, but that he knew it when he saw it.

The same has long been the case with spyware. It's not easy to define, but most people know it when parasitic programs suck up resources on their computer and clog their browsers with pop-up ads.

Recognizing that one person's search toolbar is another's spyware, a coalition of consumer groups, ISPs and software companies announced on Tuesday that it has finally come up with a mutually agreeable definition for the internet plague.

Spyware impairs "users' control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information," according to the Anti-Spyware Coalition, which includes Microsoft, EarthLink, McAfee and Hewlett-Packard.

The group hopes the definitions will clear the way for anti-spyware legislation and help create a formal, centralized method for companies to dispute or change their software's classification.

"One of the biggest challenges we've had with spyware has been agreeing on what it is," said Ari Schwartz, associate director of the Center for Democracy and Technology, which has led the group's work. "The anti-spyware community needs a way to quickly and decisively categorize the new programs spawning at exponential rates across the internet."

The lack of standard definitions of spyware and adware has doomed federal and state legislation and hampered collaboration between anti-spyware forces.

In a colloquial sense, spyware is used to refer to a whole range of programs, including unwanted browser toolbars that come bundled with other downloads, surf-tracking software that generates pop-up ads, and software that tries to capture passwords and credit-card numbers.

Software companies like Claria, which distribute their pop-up advertising software by bundling it with free programs such as peer-to-peer software, adamantly deny their products are "spyware." They point out that users can usually find a definition of the programs' effects deep in the user agreement.

It is unclear what effect the new definitions will have on current anti-spyware programs, such as Lavasoft's Ad-Aware and Microsoft's free AntiSpyware tool.

Recently, Microsoft downgraded the default program action for Claria's software from "Remove" to "Ignore," which prompted widespread criticism.

Microsoft responded by saying that it had changed the handling of "Claria software in order to be fair and consistent with how Windows AntiSpyware (beta) handles similar software from other vendors."

Microsoft is in negotiations to buy venture-capital-backed Claria, according to The New York Times.

Ben Edelman, the country's foremost spyware researcher, questions whether the new definitions are simply there so that adware companies can find a way to get a stamp of approval for their software.

"From the perspective of users whose computers are infected, there is nothing hard about (defining spyware)," Edelman said. "If you have adware or spyware on your computer, you want it gone.

"Maybe the toolbar is Mother Theresa, but it's Mother Theresa sitting in your living room uninvited and you want her gone also," Edelman said. "You don't need a committee of 50 smart guys in D.C. sipping ice tea in order to decide that.

"The question is, what do you want to do with it? If you had a consensus of 100 computer-repair technicians or Bill Gates himself, what would they say to do?"

By Ryan Singel
Wired News

More in Tux Machines

Today in Techrights

Leftovers: Software

  • gtkmm now uses C++11
    All the *mm projects now require C++11. Current versions of g++ require you to use the –std=c++11 option for this, but the next version will probably use C++11 by default. We might have done this sooner if it had been clearer that g++ (and libstdc++) really really supported C++11 fully.
  • Pixman Baking ARMv6, PowerPC 64 Improvements
    Pixman 0.33.2 RC has many new ARMv6 optimizations, bug fixes for PowerPC 64-bit, and various other fixes and enhancements to the MMX code.
  • Obnam 1.13 released (backup software)
    I have just released version 1.13 of Obnam, my backup program. See the website at http://obnam.org for details on what it does. The new version is available from git (see http://git.liw.fi) and as Debian packages from http://code.liw.fi/debian, and uploaded to Debian, and soon in unstable.
  • MusicTube Review - Use YouTube as Your Source of Music
    MusicTube is a very interesting music player designed for multiple platforms using YouTube as the music source. It's not made for locally hosted music, and you can't add other online sources, but YouTube is a huge resource.

today's leftovers

  • Smaller Docker containers for Go apps
    Most of our services are in Go, and thanks to the fact that compiled Go binaries are mostly-statically linked by default, it’s possible to create containers with very few files within. It’s surely possible to use these techniques to create tighter containers for other languages that need more runtime support, but for this post I’m only focusing on Go apps.
  • In Korean, Multipath TCP is pronounced GIGA Path
    Enabling Multipath TCP on the smartphone is the first step in deploying it. However, this is not sufficient since there are very few servers that support Multipath TCP today. To enable their users to benefit from Multipath TCP for all the applications that they use, KT has opted for a SOCKSv5 proxy. This proxy is running on x86 servers using release 0.89.5 of the open-source Multipath TCP implementation in the Linux kernel. During the presentation, SungHoon Seo mentioned that despite the recent rollout of the service, there were already 5,500 active users on the SOCKS proxy the last time he checked. Thanks to this proxy, the subscribes of the Giga Path service in Korea can benefit from Multipath TCP with all the TCP-based applications that they use.
  • Cleaning the house (GSoC #6) & GUADEC
  • Zorin OS 10 Is Out, the Best, Most Beautiful Release Yet, Based on Ubuntu 15.04 - Screenshot Tour
    On August 1, Artyom Zorin had the great pleasure of announcing the immediate availability for download of the final release of his Zorin OS 10 GNU/Linux operating system, distributed as Core and Ultimate editions, based on Ubuntu 15.04.

today's howtos