The Anti-Spyware Coalition offered up standard guidelines on Thursday for detecting, rating and protecting against unwelcome programs that have plagued Internet users in recent years.
The group, composed of software companies and consumer
advocates, also finalized its definition of spyware, veering little
from
The coalition defines
spyware and other potentially unwanted technologies as programs
deployed without sufficient user consent or impair user control over
any of the following: privacy, system security and user experience; use
of their system resources; or collection, use and distribution of
personal information. Spyware and adware have become widely despised for sneaky
distribution tactics, unauthorized data gathering, the eating-up of
computer processing power and other annoyances. Although adware makers
say there are legitimate uses for their programs, an entire
anti-spyware market has been spawned to combat the stuff. Yet attempts to define spyware and create guidelines are also
controversial. Critics fear spyware makers will use the guidelines to
avoid getting caught by blocking tools, but will find ways to continue
bad behaviors. The Anti-Spyware Coalition acknowledged the concern in one of the
documents it published on Thursday. "This is a valid concern that ASC
discussed in detail," the group said in a document summarizing public
comments it had received. "However, it is ASC's contention that the
current 'Definitions' has been written with the problem in mind and
leaves plenty of room for individual anti-spyware software companies to
decide what fits their criteria for detection." In its proposed spyware detection guidelines,
the group said anti-spyware companies should focus on how the programs
in question behave and rate them on risk. Among the behaviors the group
considers high-risk are programs that replicate themselves via mass
e-mails, worms, viruses and those that install themselves without a
user's permission or knowledge, via a security exploit, for example. Other high-risk programs are those that intercept e-mail or instant
messages without user consent, transmit personally identifiable data,
or change security settings. Using tracking cookies to collect
information or running programs automatically without explicit user
consent are considered low risk, according the guidelines. The Anti-Spyware Coalition is collecting public comment on the
document until Nov. 27 and plans to release a final version next year.
The group said it expects the guidelines to set the stage for "best
practices" for the anti-spyware industry.
Play video
There are currently no comments for this post.