Anti-Spyware Group Publishes Guidelines

["Richard M. Smith" <rms () computerbytesman com>]

http://news.yahoo.com/s/ap/20051027/ap_on_hi_te/spyware_word_wars

NEW YORK - A coalition of anti-spyware vendors and consumer groups published
guidelines Thursday to help consumers assess products designed to combat
unwanted programs that sneak onto computers. 

The Anti-Spyware Coalition released the guidelines for public comment and
also updated a separate document that attempted to craft uniform definitions
for "spyware" and "adware" in hopes of giving computer users more control
over their machines.

According to the Pew Internet and American Life Project, Internet users have
become more cautious online because of worries about spyware and adware,
which can bombard users with pop-up ads and drain processing power to the
point of rendering computers unusable.

Nearly half of adult online Americans have stopped visiting specific Web
sites that they fear might infect them with such unwanted programs, and a
quarter have ceased to use file-sharing software, which often comes bundled
with adware.

In addition, 43 percent of Internet users say they've been hit with spyware,
adware or both, with broadband users generally at greater risk.

The new guidelines from the coalition assign risk levels to various
practices common with spyware and adware.

High-risk practices include installation without a user's permission or
knowledge, interference with competing programs, interception of e-mail and
instant-messaging conversations and the display of ads without identifying
the program that generated them.

Changing a browser's home page or search engine setting is deemed a medium
risk, while using data files called cookies to collect information is
considered a low risk.

"Although all behaviors can be problematic if unauthorized, certain ones
tend to have a greater impact and are treated with more severity than
others," the guidelines say.

The idea is to agree on what practices consumers should worry most about.
Within the general rankings, individual vendors still have leeway to assign
their own weight to each behavior in deciding whether to quarantine or
remove a program when detected.

The coalition also offers similar rankings on consent.

High marks go to programs that are distributed as separate downloads in
clearly labeled packages, while those that try to bury what they do in
legalese are given low ratings.

The commenting period on the guidelines ends Nov. 27.

The guidelines could encourage industry "best practices" that developers of
adware and other programs could follow to avoid getting flagged by
anti-spyware vendors.

However, the coalition has yet to set a timetable for defining such
practices, said Ari Schwartz of the Center for Democracy and Technology,
which led the coalition.

Nonetheless, Schwartz said, Thursday's announcements represent a start
toward long-term improvements in anti-spyware tools and consumer education.

"There won't be as much gray area, and we'll have more transparency out
there," he said.

A separate coalition document defining spyware and related terms changed
little from the draft issued in July. 

The updated definitions document, reflecting nearly 400 comments received
from the public, still flags as potential threats - an umbrella definition
that includes spyware, adware and other categories such as "hijackers" and
"cookies" - programs that: 

_impair users' control over their systems, including privacy and security; 

_impair the use of system resources, including what programs are installed
on their computers; and/or 

_collect, use and distribute personal or otherwise sensitive information. 

But by classifying "adware" as falling under the umbrella term, "Spyware and
Other Potentially Unwanted Technologies," the coalition avoided a key
dispute that has led to lawsuits by adware developers against anti-spyware
vendors: Is adware a form of spyware or are the two separate 
 
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.