Coalition Posts Spyware Risk Guidelines
The Anti-Spyware Coalition published new guidelines on Thursday designed to help consumers assess whether or not a software product is considered spyware. The group also revised an earlier draft of definitions that differentiate between acceptable and invasive advertising.
With 43 percent of Internet users reporting they have been infected with spyware, tools to detect and remove the malicious applications have become a prerequisite for PC users. But much confusion still exists on what constitutes spyware and adware, which has led to improper classification and even lawsuits.
The Anti-Spyware Coalition, headed by the Center for Democracy & Technology with support from industry giants AOL, Earthlink, Microsoft, and Yahoo is attempting to set the record straight with a series of guidelines. Along with educating consumers, anti-spyware software vendors could avoid legal attacks from ad companies who claim their software is unfairly targeted.
In the new "Risk Model" guidelines, the coalition ranks various practices common in spyware and adware with risk levels. Installing a program without a user's permission, intercepting instant messaging and e-mail, and displaying ads while hiding the source program are all considered "high risk."
Medium risk practices include changing a user's homepage set in their Web browser, while collecting data on consumers by using cookies is of low risk. Rankings are also assigned to consent, with manual downloading receiving high marks while complicated EULAs rated low.
"It is important to note that with proper notice, consent, and control some of these same technologies can provide important benefits," the guidelines acknowledge. "Tracking can be used for personalization, advertisement display can subsidize the cost of a product or service, monitoring tools can help parents keep their children safe online, and remote control features can allow support professionals to remotely diagnose problems."
In addition to these guidelines, the Anti-Spyware Coalition updated an earlier list of definitions, which received over 400 public comments following its publication in July. Little changed, however, in the final revision.
The group defined "potential threats" -- a term that includes spyware, adware, cookies and hijackers -- as programs that: impair users' control over their systems, including privacy and security; impair the use of system resources, including what programs are installed on their computers; or collect, use and distribute personal or otherwise sensitive information.
Public comments will be accepted on the draft Risk Model guidelines until November 27, the coalition said.