The Chaotic World of Defining Spyware

Earlier this week, when anti-spyware vendor eTrust PestPatrol temporarily removed detections for eight adware applications marketed by Claria, the move caused many a raised eyebrow among anti-spyware advocates.

PestPatrol said Friday it would relist all of the Claria Corp. applications on its threat database after a one-week Vendor Appeal Process, but the absence of a standard approach to defining the unwanted programs has plunged the industry into deep chaos and confusion.

PestPatrol, which is marketed by Computer Associates International Inc., uses a strict, 21-point Spyware Scorecard to determine whether to flag a piece of software as a privacy or security threat.

"We use a behavior-based list of criteria, and we make that list public. If your software meets any of the criteria, you're classified as spyware in our database," said Tori Case, director of security management at eTrust PestPatrol.

That approach, Case argued, sets up a structure for a legitimate adware vendor with good intentions to "clean up their act" in an open, transparent way.

In stark contrast to the PestPatrol approach, anti-spyware players such as Webroot Software Inc., Sunbelt Software and newcomer Microsoft Corp. deliberately avoid limiting or restricting the definition criteria.

"The adware vendors want you to use strict definitions so they can play games and work around those lists. That's why PestPatrol is having problems with delisting and relisting," said Eric Howes, an anti-spyware advocate who provides consulting services for Sunbelt. "The minute you set up these definition lists, you are setting yourself up for cat-and-mouse games."

"A better approach is to define a set of objectionable practices. Many people want to focus on the quality and functionality of the software, but that doesn't work because there's a lot of deceptive intent [from adware vendors]," Howes said in an interview with eWEEK.com.

"You have to focus on the business practices and outline a list of objectionable behavior. Yes, it can be subjective, but that's the only way it works in the interest of the consumer," Howes said.

Paul Bryan, director of product management in Microsoft's Security Business and Technology Unit, said the differing approaches, definitions and types of criteria are a problem that needs to be addressed.

Bryan told eWEEK.com that key elements of any anti-spyware product are the approach and criteria used to determine whether a program should be added to the definition library for detection, and what classification would be appropriate.

"Today, the industry uses different approaches, definitions and types of criteria for identifying and categorizing spyware and other potentially unwanted software, which limits the industry's ability to have a broad, coordinated impact in addressing the problem," Bryan said.

Microsoft's Windows AntiSpyware, which is currently in beta, will not use strict, publicly known definitions. According to a white paper outlining its approach, Microsoft will zero in on deceptive behaviors and the amount of control the user is given.

"Unlike other forms of software, which tend to either be 'good' or 'bad,' spyware often exists in shades of 'gray.' With the exception of malicious behaviors, many of the behaviors could have legitimate purposes," according to the Microsoft document.

The software giant said the Windows AntiSpyware product will sift through issues such as notice and consent about what is running on the user's machine; control over the actions taken by the program while it is running on the machine; the way private data is collected and used without explicit consent; and the negative impact on the security of a PC.

Microsoft's criteria also address the general impact on performance, reliability and quality of the user's computing experience. For example, if an adware program slows down PC performance or corrupts the operating system, it is likely to be flagged as a spyware threat.

Microsoft's white paper received a thumbs-up from researcher Eric Howes. "They are moving in the right direction. There are a few weaknesses here and there, and I'd like to see them provide some more details, but generally their approach is good."
