Print this article | E-mail this article | Comment on this article

Coalition Posts Spyware Risk Guidelines

By Nate Mook, BetaNews

October 27, 2005, 1:27 PM

The Anti-Spyware Coalition published new guidelines on Thursday designed to help consumers assess whether or not a software product is considered spyware. The group also revised an earlier draft of definitions that differentiate between acceptable and invasive advertising.

With 43 percent of Internet users reporting they have been infected with spyware, tools to detect and remove the malicious applications have become a prerequisite for PC users. But much confusion still exists on what constitutes spyware and adware, which has led to improper classification and even lawsuits.

The Anti-Spyware Coalition, headed by the Center for Democracy & Technology with support from industry giants AOL, Earthlink, Microsoft, and Yahoo is attempting to set the record straight with a series of guidelines. Along with educating consumers, anti-spyware software vendors could avoid legal attacks from ad companies who claim their software is unfairly targeted.

In the new "Risk Model" guidelines, the coalition ranks various practices common in spyware and adware with risk levels. Installing a program without a user's permission, intercepting instant messaging and e-mail, and displaying ads while hiding the source program are all considered "high risk."

Medium risk practices include changing a user's homepage set in their Web browser, while collecting data on consumers by using cookies is of low risk. Rankings are also assigned to consent, with manual downloading receiving high marks while complicated EULAs rated low.

"It is important to note that with proper notice, consent, and control some of these same technologies can provide important benefits," the guidelines acknowledge. "Tracking can be used for personalization, advertisement display can subsidize the cost of a product or service, monitoring tools can help parents keep their children safe online, and remote control features can allow support professionals to remotely diagnose problems."

In addition to these guidelines, the Anti-Spyware Coalition updated an earlier list of definitions, which received over 400 public comments following its publication in July. Little changed, however, in the final revision.

The group defined "potential threats" -- a term that includes spyware, adware, cookies and hijackers -- as programs that: impair users' control over their systems, including privacy and security; impair the use of system resources, including what programs are installed on their computers; or collect, use and distribute personal or otherwise sensitive information.

Public comments will be accepted on the draft Risk Model guidelines until November 27, the coalition said.

Add a Comment (8 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

By JacenSolo

posted Oct 30, 2005 - 2:12 AM

Spyware is a program that tracks what you do. Period. Adware is a program that displays ads outside of the target program.

Opera's way of displaying ads (it not longer does through :P) is preferable to Kazaa's way, for example.

Anything that installs into Firefox or IE without me requesting it is spyware. Anything that fits into another program, without me requesting it, is spyware. All the above should be illegal, not semilegal.

Score: 0

By serinojj

posted Oct 28, 2005 - 1:40 PM

Well let me just say that i do agree with rijp has stated.

It is well documented that adware is spyware when these companies want to see where you got so they can blast you with ads on those website you go to if they are not there.

In fact this is the reason i stay with Lavasoft product only because they created that committee and they are the ones that saw it being taken over by the marketing and ad agencies and being told to accept certain ads because they were members to that committee. When Lavasoft left that committee it made all those companies on their list of and that was several years ago.

I have looked at the McAfee and Symantec versions of antispyware program and they leave so many holes that it is as useless as something on a bull.

I being an earthlink user have issues with them as they are operating like AOL in there need to display ads on their sites. Of course they support the use of Symantec products and I have seent the factor of ads increase on them so much that I am glad I never use their products.

Everyone understands the idea of advertising but the concept of allowing even cookies to Betanews is no different in this respect becasue they too are monitoring you to display ads.

Thank God for Firefox and Adblock and RIP extensions Spybot and Ad-aware and blocking many of the marketing and ad agency in my firewall it takes longer but then they don't get on the machine nor are they allowed to contact their website. I am looking onto the Host file to stop them even further.

This has nothing to do with politics but money. When a company wants to advertise the advertising company now forces them to exclude them from any antispyware programs or they have to pay a much higher price for their service.

I have been doing my best to teach my relatives , friends and my fellow computers friends of nearly 30 years on this.

Score: 0

By joeshmoe7

posted Oct 28, 2005 - 11:20 AM

ha, i don't need any coalitions to tell me what spyware is. Why tell me what it is, so that they can push on me the stuff they deem not to be a threat? With all the spyware/adware venders trying to act legit these days, this smells of wolf in sheeps clothing. I define spyware, with my own "coalition" of cells called a brain. It's not perfect but i trust it's motives more then that of big corps.

Score: 0

By wincement

posted Oct 28, 2005 - 3:13 PM

The point is... to create a formal definition of it so that anti-spyware companies won't have to guess at what should be deemed spyware or not. It should also act as a sort of mild-policing of the makers of spyware to let them know they are in the red zone.

Up until now (well actually still now), it's just been one side saying, "You guys are spyware!" and the other side saying, "No we're not!" "Yes you are!" "No we're not!" etc...

Now there will be a formal definition to use as a reference.

Score: 0

By markww

posted Oct 28, 2005 - 7:07 AM

SPYWARE is a invasion of PRIVATE PROPERTY

ITS MY COMPUTER NOT YOURS TO PLACE ANYTHING ON IT PERIOD

STAY OUT

Score: 0

By markww

posted Oct 28, 2005 - 7:06 AM

ANY SPYWARE IS BAD no matter what it is.

It Infects Clean Computers, does harm,and is not right to put any infections or spy traces in anyone's computer its like total private property. You didn't buy my computer I DID.

Score: 0

By rijp

posted Oct 27, 2005 - 2:23 PM

I don't care what definition they deem spyware, spyware is ANY program that infringes on a users ability to function. There is no "acceptable" limit to this type of activity. If a program STARTS harmless and BECOMES a nuisance, its spyware. Period. The word "spyware" may have become an all inclusive term to blanket cover programs that do other things, but maybe the term should be coined "nuisanceware". Either way, investigating software in add-remove programs is very revealing. People have items that they didn't put there, nor do they want it.

AOL could be deemed spyware/nuisance if you have multiple versions, and the removal program only removes "known" versions, and previous versions persist, THAT's spyware.

If you have programs that get installed ALONG with a acceptable or wanted program, then THAT program should be termed SPYWARE. Programs that facilitate other programs infiltration is spyware.

If you commit a crime, and you do it with someone, that someone is guilty by association of you are found guilty. Same with software, guilty by reason of affiliation. That's spyware!

What I don't want is a bunch of programs on my machine that fill it up, and I didn't SPECIFICALLY put it there, it shouldn't be "ignored" simply because some damn committee doesn't think its harmful. Its harmful, if I say its harmful, I don't give a damn. If AOL won't remove from my system, after the deletion routine is finished, and AOL continues to infiltrate and infringe or interfere with proper operation of my system, that's SPYWARE! Even if it wasn't to begin with, it is now, and should be removed.

OK, that's a drastic measure, but the old addage, if it walks like a duck, looks like a duck and acts like a duck, it MUST be a duck!!!!! It can't be anything else.

If companies make programs that APPEAR to retain spyware like activity or programs simulate spyware activity, then maybe there is a problem there.

This is a prime example of not including the people this ruling will affect. The people. We use it, we should be able to vote on the outcome, but no, instead they leave it some committee. If a few months from now, I have sypware I can't remove and my anti-spyware is updated to ignore it, I am going to be pissed, and there will be hell to pay.

Score: 0

By bourgeoisdude

posted Oct 28, 2005 - 11:36 AM

Well said

Score: 0

Dec 1 - 9:34 PM ET Alltel breaks in a mobile wallet with mFoundry

Dec 1 - 7:38 PM ET Intel tries to turn the tables on AMD in document discovery dispute

Dec 1 - 6:59 PM ET Palm to restructure yet again, may cut more jobs

Dec 1 - 4:58 PM ET Blockbuster downloads headed for more devices via Live Mesh

Dec 1 - 4:55 PM ET AOL's PlaySavvy speaks to game-shy parental units

Dec 1 - 4:41 PM ET Less bad news than anticipated for the semiconductor industry in 2008

Dec 1 - 3:51 PM ET 'Xohm' makes way for 'Clear,' as Sprint/Clearwire merger moves ahead

Dec 1 - 2:01 PM ET Chasing down the latest Cyber Monday tech deals

Dec 1 - 12:50 PM ET Will 'Cyber Monday' fare better than a weak 'Black Friday?'

Dec 1 - 12:38 PM ET Microsoft Cashback goes offline to Black Friday shoppers