Language Selection

English French German Italian Portuguese Spanish

Giving New Meaning to 'Spyware'

Filed under
Security

Supreme Court Justice Potter Stewart famously said that he couldn't define obscenity, but that he knew it when he saw it.

The same has long been the case with spyware. It's not easy to define, but most people know it when parasitic programs suck up resources on their computer and clog their browsers with pop-up ads.

Recognizing that one person's search toolbar is another's spyware, a coalition of consumer groups, ISPs and software companies announced on Tuesday that it has finally come up with a mutually agreeable definition for the internet plague.

Spyware impairs "users' control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information," according to the Anti-Spyware Coalition, which includes Microsoft, EarthLink, McAfee and Hewlett-Packard.

The group hopes the definitions will clear the way for anti-spyware legislation and help create a formal, centralized method for companies to dispute or change their software's classification.

"One of the biggest challenges we've had with spyware has been agreeing on what it is," said Ari Schwartz, associate director of the Center for Democracy and Technology, which has led the group's work. "The anti-spyware community needs a way to quickly and decisively categorize the new programs spawning at exponential rates across the internet."

The lack of standard definitions of spyware and adware has doomed federal and state legislation and hampered collaboration between anti-spyware forces.

In a colloquial sense, spyware is used to refer to a whole range of programs, including unwanted browser toolbars that come bundled with other downloads, surf-tracking software that generates pop-up ads, and software that tries to capture passwords and credit-card numbers.

Software companies like Claria, which distribute their pop-up advertising software by bundling it with free programs such as peer-to-peer software, adamantly deny their products are "spyware." They point out that users can usually find a definition of the programs' effects deep in the user agreement.

It is unclear what effect the new definitions will have on current anti-spyware programs, such as Lavasoft's Ad-Aware and Microsoft's free AntiSpyware tool.

Recently, Microsoft downgraded the default program action for Claria's software from "Remove" to "Ignore," which prompted widespread criticism.

Microsoft responded by saying that it had changed the handling of "Claria software in order to be fair and consistent with how Windows AntiSpyware (beta) handles similar software from other vendors."

Microsoft is in negotiations to buy venture-capital-backed Claria, according to The New York Times.

Ben Edelman, the country's foremost spyware researcher, questions whether the new definitions are simply there so that adware companies can find a way to get a stamp of approval for their software.

"From the perspective of users whose computers are infected, there is nothing hard about (defining spyware)," Edelman said. "If you have adware or spyware on your computer, you want it gone.

"Maybe the toolbar is Mother Theresa, but it's Mother Theresa sitting in your living room uninvited and you want her gone also," Edelman said. "You don't need a committee of 50 smart guys in D.C. sipping ice tea in order to decide that.

"The question is, what do you want to do with it? If you had a consensus of 100 computer-repair technicians or Bill Gates himself, what would they say to do?"

By Ryan Singel
Wired News

More in Tux Machines

CentOS vs Ubuntu: Which one is better for a server

Finally decided to get a VPS but can’t decide which Linux distro to use? We’ve all been there. The choice may even be overwhelming, even for Linux distros, considering all the different flavors and distros that are out there. Though, the two most widely used and most popular server distros are CentOS and Ubuntu. This is the main dilemma among admins, both beginners and professionals. Having experience with both (and more) distros, we decided to do a comparison of CentOS and Ubuntu when used for a server. Read more

This Script Updates Hosts Files Using a Multi-Source Unified Block List With Whitelisting

If you ever tinker with your hosts file, you should try running this script to automatically keep the file updated with the latest known ad servers, phishing sites and other web scum.

Read more

via DMT/Linux Blog

today's leftovers

  • FLOSS Weekly 417: OpenHMD
    Fredrik Hultin is the Co-founder of the OpenHMD project (together with Jakob Bornecrantz). OpenHMD aims to provide a Free and Open Source API and drivers for immersive technology, such as head-mounted displays with built-in head tracking. The project's aim is to implement support for as many devices as possible in a portable, cross-platform package.
  • My next EP will be released as a corrupted GPT image
    Endless OS is distributed as a compressed disk image, so you just write it to disk to install it. On first boot, it resizes itself to fill the whole disk. So, to “install” it to a file we decompress the image file, then extend it to the desired length. When booting, in principle we want to loopback-mount the image file and treat that as the root device. But there’s a problem: NTFS-3G, the most mature NTFS implementation for Linux, runs in userspace using FUSE. There are some practical problems arranging for the userspace processes to survive the transition out of the initramfs, but the bigger problem is that accessing a loopback-mounted image on an NTFS partition is slow, presumably because every disk access has an extra round-trip to userspace and back. Is there some way we can avoid this performance penalty?
  • This week in GTK+ – 31
    In this last week, the master branch of GTK+ has seen 52 commits, with 10254 lines added and 9466 lines removed.
  • Digest of Fedora 25 Reviews
    Fedora 25 has been out for 2 months and it seems like a very solid release, maybe the best in the history of the distro. And feedback from the press and users has also been very positive.
  • Monday's security updates
  • What does security and USB-C have in common?
    I've decided to create yet another security analogy! You can’t tell, but I’m very excited to do this. One of my long standing complaints about security is there are basically no good analogies that make sense. We always try to talk about auto safety, or food safety, or maybe building security, how about pollution. There’s always some sort of existing real world scenario we try warp and twist in a way so we can tell a security story that makes sense. So far they’ve all failed. The analogy always starts out strong, then something happens that makes everything fall apart. I imagine a big part of this is because security is really new, but it’s also really hard to understand. It’s just not something humans are good at understanding. [...] The TL;DR is essentially the world of USB-C cables is sort of a modern day wild west. There’s no way to really tell which ones are good and which ones are bad, so there are some people who test the cables. It’s nothing official, they’re basically volunteers doing this in their free time. Their feedback is literally the only real way to decide which cables are good and which are bad. That’s sort of crazy if you think about it.
  • NuTyX 8.2.93 released
  • Linux Top 3: Parted Magic, Quirky and Ultimate Edition
    Parted Magic is a very niche Linux distribution that many users first discover when they're trying to either re-partition a drive or recover data from an older system. The new Parted Magic 2017_01_08 release is an incremental update that follows the very large 2016_10_18 update that provided 800 updates.
  • How To Use Google Translate From Commandline In Linux
  • How to debug C programs in Linux using gdb
  • Use Docker remotely on Atomic Host
  • Ubuntu isn’t the only version of Linux that can run on Windows 10
  • OpenSUSE Linux lands on Windows 10
  • How to run openSUSE Leap 42.2 or SUSE Linux Enterprise Server 12 on Windows 10

Leftovers: Software and Games