A group of security vendors today announced they have joined forces
to reduce confusion about identifying and eliminating spyware.
McAfee, Symantec, Trend Micro, ICSA Labs and Thompson Cyber Security
Labs plan to create a standardized method for evaluating spyware products.
“There is an enormous amount of confusion in the marketplace about
the origins of spyware and the effectiveness of the tools designed to
fight it,” Larry Bridwell of ICSA Labs, an independent part of
Cybertrust, told internetnews.com.
“Due to the current lack of agreed-upon best practices and standards
for testing and reviewing anti-spyware solutions, it is difficult, if
not impossible, for users (corporate and consumers) to understand the
results of the comparative reviews being done and reported,” Bridwell
said.
Agreeing on a common definition of spyware is a much-needed first step, according to analysts.
“There have been several industry definitions, which are needed
because some friendly software exhibits spyware-like behavior and lots
of spyware provides some friendly feature,” John Pescatore of Gartner
tells internetnews.com.
The organization, dubbed Spywaretesting.org, will use definitions developed by the Anti-Spyware Coalition (ASC).
The ASC, created
by the Center for Democracy in Technology and including AOL, Microsoft
and Yahoo among its members, has defined spyware as “a term for
tracking software deployed without adequate notice, consent or control
for the user.”
Today’s group released methods for testing for spyware.
“The Anti-Spyware Coalition’s work to develop definitions and Risk
Models has helped to allow new kinds of cooperation between anti-spyware
companies and others to fight the problem,” Ari Schwartz, deputy
director of CDT, told internetnews.com.
Standardized testing for spyware is essential for evaluating claims
made by security vendors, according to one member of the new
anti-spyware group.
“Without some testing standards, marketers can make whatever claims
they like and can find a tester to help them prove it,” said Thompson
Cyber Security Labs in a statement. “As the situation is, the public is
the big loser.”
Makers of Spykiller and Spyware Assassin recently paid $1.9 million after the FTC charged that the software claimed to detect spyware (although none existed on users’ computers) and failed to remove spyware that really did exist.
Two anti-virus vendors see precedent for today’s announcement.
“Having seen over a decade of cooperation in the anti-virus industry,
we know that our products are better for it, our customers are better
protected for it, and that our industry is better for it,” McAfee said in a statement.
“The successful industry practices previously established for sharing
virus information demonstrate the effectiveness of cooperation among
Internet security experts,” said Vincent Weaver, senior development
director for Symantec Security Response.
Gartner believes the most important part of anti-spyware software is
its ability to block spyware before it gets on a PC, said Pescatore. “To
compare blocking across spyware programs, standardized testing is a good
thing, too.”
In late January, Google, Lenovo and Sun Microsystems formed
StopBadware.org for consumers to discuss and report spyware they discover.
The next step is to create a certification process for anti-spyware
products, Dave Coll, director of Symantec’s Security
Response, told internetnews.com. “The industry needs to set up some standards.”
Although spyware remains a problem, malware is dividing into two
camps: adware created by legitimate companies and software devised by
criminals, according to Coll.
Adware “is starting to clear up” as
companies seek a place alongside Google and other Internet players, he said. “The insidious stuff? That’s not going anywhere.”