The Chaotic World of Defining Spyware
DATE: 01-APR-2005

Richard Stiennon, vice president of threat research at Webroot, said the latest brouhaha around spyware definitions is a direct result of an increase in legal threats against anti-spyware vendors and advocates.

"The threat of litigation is a growing issue. The only reason PestPatrol would stop identifying a piece of adware as a threat is because the lawyers are sending them letters," Stiennon said.

Claria's GAIN is listed high on Webroot's top 10 spyware threats because, according to Stiennon, it falls under the three broad criteria used to determine threats. GAIN is described as an adware program that displays banner advertisements based on a user's Web surfing habits. The application is usually bundled with numerous free software programs, including the Kazaa file-sharing program.

Stiennon won't discuss individual legal threats from adware companies, but he said the company was constantly receiving cease-and-desist letters from some of the biggest names in the behavioral marketing business.

"The legal threats are constant. It's becoming a drain on our resources, but that tells us we're having an impact on dealing with spyware," Stiennon said. "I don't think PestPatrol should have backed down because that's what the adware vendors want. They want to force the issue and avoid detection."

Ben Edelman, a Harvard University student who monitors the spyware scourge, has published a detailed list of threats and demands made by adware providers. The list includes actual lawsuits filed against anti-spyware vendors and legal complaints against bloggers and other spyware critics.

Webroot's Stiennon said his company uses very simple and straightforward definition criteria. "If the software displays ads, it's adware. It's that simple."

But even then, he said he agrees there are gray areas, especially when the ads are displayed with the application's real estate.
The free versions of the Opera browser and the Eudora e-mail client display advertising, but those aren't classified as spyware.

Webroot also looks closely for system monitors or keystroke loggers, programs that gather data about a user's activity and transmit that data to unknown destinations. "These are the more dangerous threats because it can be used to steal passwords, credit card numbers and other sensitive data."

Webroot also flags behavior-tracking cookies that identify Web sites that users visit for the explicit purpose of serving targeted advertisements.

PestPatrol's Tori Case defended the company's use of a rigid definition formula, which is revisited and updated to accommodate new threats.

"We revisit the scorecard every 90 days to make modifications to reflect the changing nature of the spyware market. That's how we address the issues of a company playing games. It's a rapidly evolving world out there, and we have systems in place to deal with it," Case said.

She said the vast majority of vendor appeals do not result in big changes to the PestPatrol product, and even when detections are removed, old versions of the adware program are still detected and deleted.

"We're very committed to the approach we've taken with the scorecard. That's not going to change anytime in the future," Case added.

Microsoft's Bryan said he thinks the confusion points to the need for an industry body to kick-start dialogue.
Such an initiative would take the place of COAST, the anti-spyware coalition that collapsed earlier this year amid a rash of acrimony and finger-pointing.

The COAST group fell apart after several founding members objected to the decision to allow membership to 180solutions Inc., a Bellevue, Wash.-based search marketing company that uses questionable tactics to install ad-serving software on computers.

PestPatrol, Webroot and Sunbelt all have echoed Microsoft's call for a new coalition with clearly defined guidelines and objectives.

"There is a crying need for information-sharing [among anti-spyware vendors]," Howes said. "The goal of a new coalition needs to be narrower and tightly defined."

PestPatrol's Case said she agrees. "Hindsight is 20-20 for all of us. Some big mistakes were made in COAST that we can all learn from. Although there is a place for certification [of adware applications], it should not be within an anti-spyware group. We need to build a wall to avoid those conflict-of-interest issues."