Little Agreement on Spyware Guidelines

By ANICK JESDANUN, AP Internet Writer

Many anti-spyware programs scour computer hard drives for those
data-tracking files called cookies that we often get from Web visits.
Microsoft Corp.'s tool does not. And there are disputes aplenty about
whether certain widely used advertising programs circulating on the
Internet are clean of spyware.

No surprise, then, that there's little agreement on what should be
considered spyware, and what adware is exactly. Or on whether adware,
which delivers ads, is a form of spyware or a breed apart.

Consumers are confounded. Is their computer-cleaning overzealous or
not thorough enough? Are they removing useful programs with the dreck?

No less vexed are makers of anti-spyware software. They're beset by
legal headaches, constantly challenged for what their products define
and target as malware.

"It certainly distracts us from the job at hand," said David Moll,
chief executive of Webroot Software Inc.

Help may be on the way. Led by the tech-advocacy group Center for
Democracy and Technology, the anti-spyware industry is crafting
definitions and plans to eventually set up dispute-resolution
procedures. A draft is expected by late summer.

"A definition is the foundation," said Ari Schwartz, the center's
associate director. "If a consumer's going to make a decision in the
marketplace about what they have and what software they are going to
use, it's helpful to have a basis to do that on."

Similar efforts, however, have failed before.

Part of the challenge stems from how the term "spyware" evolved.

"It started out as being called spyware because a lot of it was spying
on people and sending personal information," said Dave Methvin, chief
technology officer with tech diagnostic site PC Pitstop. "It's a
catchy, quick word that is always easy for people to understand and
say."

But the term stuck even as some of these programs, in response to
consumer complaints, began sending back less data and became less
sneaky.

In some people's minds, spyware came to include programs that change
Web browser settings without asking or trick users into racking up
huge phone bills by making the equivalent of "900" calls to foreign
porn sites.

"Spyware has sort of become the euphemism for any software I don't
want," said Wayne Porter, co-founder of SpywareGuide.com.

The result is chaos.

Microsoft, for instance, chose not to scan cookies because many sites
need them to remember passwords and otherwise customize a surfer's
experience. Cory Treffiletti of the online ad agency Carat
Interactive says cookies help sites identify repeat visitors so the
same ads aren't shown over and over.

But other spyware hunters flag cookies on the grounds that they help
advertisers track behavior. EarthLink Inc.'s Scott Mecredy says
anti-spyware programs have gotten sophisticated enough to distinguish
good cookies from bad.

Then there's the question of whether "spyware" includes adware.

Claria Corp., formerly known as Gator Corp., has sued several
anti-spyware companies and Web sites for calling its advertising
software "spyware." PC Pitstop rewrote some of its materials as part
of a settlement.

Even "adware" isn't good enough for some.

Joseph Telafici, director of operations for McAfee Inc.'s security
research unit, says the company now gets one or two complaints a week,
compared with two or three per quarter last year from companies whose
programs it has dubbed spyware or adware.

McAfee is in the process of assigning a full-time lawyer.

Symantec Corp. sought to pre-empt a lawsuit by filing one itself,
asking a federal court to declare that it had the right to call
Hotbot.com Inc.'s toolbar adware. Hotbot did not respond to requests
for comment.

Symantec still faces a lawsuit by Trekeight LLC, whose product
Symantec brands adware.

Though it has yet to sue, 180solutions Inc. takes issue with "adware,"
preferring "searchware" or "sponsorware." "Adware" has become too
linked with bad actors, and the industry needs more differentiation,
said its chief executive, Keith Smith. Most anti-spyware vendors,
however, still put 180solutions in that category.

Aluria Software LLC says one company, WhenU.com Inc., has changed its
practices enough that it is now spyware- and adware-safe.

But America Online Inc., though it uses Aluria's technology, prefers a
different test: What its users think.

AOL found that users overwhelmingly choose to rid their computers of
WhenU's SaveNow application when anti-spyware scans uncover it, so AOL
continues to list as adware.

Adding to the confusion is the fact that many legitimate programs -
including Microsoft Corp.'s Windows operating system and Web browser -
send out data without making the user fully aware, one of the common
attributes of spyware.

And many programs that spy do have legitimate functions - people may
run a keystroke recorder to monitor spouses whom they suspect of
cheating. Or they may willingly accept adware in exchange for a free
game or screensaver.

Anti-spyware software companies say they leave removal decisions to
customers, though many users simply follow their recommendations,
failing to distinguish the mild from the malicious.

"If an anti-spyware company recommends that the software (gets)
blocked, consumers will typically block it," said Keith Smith, chief
executive of 180solutions. "It doesn't matter how good an experience
they have with it."

Alex St. John, chief executive of WildTangent Inc., says anti-spyware
companies have an incentive to overlist programs: It makes their
products appear effective. Better definitions, he said, would help
clear his company's game-delivery product.

"We want to do anything under our power to be clearly defined as a
legitimate, upright consumer company," he said. "We would love to have
something to adhere to."

Guidelines could give anti-spyware vendors a better defense.

For consumers, said Tori Case of Computer Associates International
Inc., "if we start using the correct terminology, we can demystify it
a bit and help people understand what the real risks are."

Copyright 2005 The Associated Press.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.

.

Relevant Pages

  • Cant Trust Spyware Protection?
    ... The next time you run a scan with your anti-spyware tool, ... Some adware companies, arguing that their software ... the delisting happened as the result of an employee error, ... "When a spyware program gets delisted, users won't be aware of its ...
    (comp.dcom.telecom)
  • Re: Adware Question
    ... I'd sure like to hear more since we have Adware on all the ... "adware"" or "spyware" by the clueless. ... Let me be blunt about how it is in the anti-spyware field. ... all commercial, paid-for anti-spyware programs, excluding Ad-Aware Pro ...
    (comp.security.firewalls)
  • Re: Defender Beta 2 ----- NEEDS SOME ATTENTION
    ... it not catch and stop adware, and the other types of low lovel junk ... still not catching and stoping these cookies from these very basic ... annoying types of adware and what ever the other stuff is called. ... be deleted by a spyware program. ...
    (microsoft.public.security)
  • Re: Adware problem
    ... >infections in the Registry, file and cookies, and deleted ... I then rebooted and ran Adware again and it found no ... Spyware Warrior: ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Norton Antivirus has not found ANY spyware or viruses since su
    ... other spyware programs that HAVE found items. ... Norton is not any sort of tool. ... component called Norton Anti-spyware ... cookies or some questionable IE helpers, not all of them are 100% ...
    (microsoft.public.windowsxp.help_and_support)
Loading