<body>
 
 
Celebrity Gossip  
 

What is spyware?

It isn't always easy to distinguish safe programs from spyware, but an industry group is trying to make the process easier.

The Anti-Spyware Coalition, a group of more than two dozen technology vendors and interest groups, late last week unveiled a set of guidelines to help antispyware vendors determine what should be flagged as spyware.

The coalition, led by the It industry's Center for Democracy and Technology and includes vendors such as McAfee Inc., Microsoft, Sophos plc, Symantec Corp., Trend Micro Inc. and others, defines spyware as technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

  • Material changes that affect their user experience, privacy or system security;
  • Use of their system resources, including what programs are installed on their computers; and/or
  • Collection, use, and distribution of their personal or other sensitive information.

    Graham Cluley, senior technology consultant for UK-based security vendor Sophos, said it's often difficult for vendors and systems administrators to know where to draw the line on unwanted spyware, and how to distinguish it from acceptable adware.

    "This makes it easier for the security vendors to determine what they should detect and what they shouldn't," Cluley said. "Incorporating these guidelines is going to make their products easier to use and will benefit the consumer."

The coalition's spyware definition notes the complexity involved, since some technologies that have been linked to spyware -- such as tracking software that supports unauthorized key logging, or remote-control software that can open the door for botnets and "droneware" -- can be beneficial when used with the proper notice, consent, and control.

"Underlying technology typically becomes unwanted when it is implemented in a way that provides no benefit to -- or actively harms -- authorized users," according to the Anti-Spyware Coalition's definition.

The organization crafted the guidelines with help from nearly 400 comments from individuals and organizations. Though not every antispyware vendor participated, Cluley said this release will encourage more companies to get involved with the group and make use of its information.

Additionally, the group released a public draft of a risk modeling document that offers vendors a broad set of behaviors to use when classifying spyware.

The Anti-Spyware Coalition hopes it will serve as a catalyst to encourage vendors to share information on how they determine what is and isn't spyware. It will accept public comment on the risk modeling document through Nov. 27. This effort is expected to set the stage for set of consumer best practices to be published in the near future.