RealTime IT News

Tech Coalition Seeking Input to Define Spyware

A group of software vendors and technology organizations wants a universal definition of the term spyware before attempting to limit the technology's reach, officials said Tuesday.

The Anti-Spyware Coalition (ASC) published a 13-page draft report detailing the many terms used in the spyware lexicon, how they work and basic tips to get rid of the software that burrows into a user's computer and provides sensitive information.

The group has its own definition and is now looking for feedback on the report, setting up an online comment form. From there, the ASC will revise the document and release a final version in the early fall.

The goal of the "Spyware Definitions and Supporting Documents" is to provide a definition of terms so the group can move forward with industry best practices and risk modeling. But before the group can do that, said David McGuire, ASC spokesman, everyone needs to agree on the words.

"The persistent concern in the spyware arena is that the definition of spyware has been very spongy; it changes from product to product, person to person and from analyst to analyst," he said. "A lot of this stems from not having a common dictionary of terms. These terms were sort of created in an ad hoc way, as many Internet terms are, and mean different things to different people."

What the ASC will not become, McGuire said, is a group that certifies or sanctions software.

There are a bevy of terms used to describe spyware, from snoopware, keyloggers, screen scrapers to tracking cookies, but the ASC has expanded its reach to include terms outside the strict definition of spyware to incorporate other technologies that are placed in user's PCs without their knowledge. They include adware , zombies , dialers, rootkits, tricklers and droneware.

The ASC is made up of 19 organizations, including security and software vendors, as well as groups such as the University of California, Berkeley's Samuelson Law, Technology & Public Policy Clinic. Each organization helps fund the ASC, with the Center for Democracy & Technology (CDT) providing the coordination efforts behind the anti-spyware move.

The group got its start in April when the CDT convened a meeting with a number of organizations, many of which are ASC members now, to discuss issues facing the anti-spyware industry.

And while individual efforts have tried to address the global problem of spyware, it's been hampered by a lack of agreement and clarity distinguishing good programs for bad. "The anti-spyware community needs a way to quickly and decisively categorize the new programs spawning at exponential rates across the Internet," Ari Schwartz, CDT associate director, said in a statement.

The subject of spyware and its damaging affects have been the topic of much debate in recent times, from end users who are forced to re-install their operating systems after a spyware program bogs their systems down to members of Congress who are trying to put an end to the problem.

The principal authors of the CAN SPAM Act, Senators Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.), introduced the Spy Block Act in March, which would ban software that installs without a user's intention or tricks them into doing so.

In May, the U.S. House of Representatives passed the Internet Spyware Prevention Act of 2005 and the Securely Protect Yourself Against Cyber Trespass Act. Each looks to punish individuals who put spyware on an end user's computer to commit a crime, though they have differences in implementation.

Software vendors are also getting into the act themselves. Yahoo and Microsoft, two ASC members, are beta testing anti-spyware tools for its users. Computer Associates , another member, provides an anti-spyware tool through its eTrust software line.

According to a May report by Webroot, 66 percent of the personal computers it scanned were infected with an average 25 spyware entities each, a number that's down from the fourth quarter of 2004. The group includes cookies and Trojans in their numbers.