By Joris Evers
Monday, February 13 2006 12:00 PM
URL: http://www.zdnetasia.com/news/security/0,39044215,39310848,00.htm
WASHINGTON--Four groups have sprung up to fight the insidious software
that pops up ads on screens or spies on PC users. Is that too much of a good
thing?
Last month, the number of efforts to fight adware and spyware doubled with
the announcement of two new initiatives: Spywaretesting.org, a consortium of
antivirus companies, and StopBadware.org, an initiative led by two universities.
These join the Trusted Download Program and the Anti-Spyware Coalition, both
formed last year.
The new initiatives were the hot hallway topic outside an event hosted by the Anti-Spyware Coalition here Thursday. People there disagreed
on whether more is merrier. Some predict the efforts will collide, as each group
is dedicated to helping consumers deal with the insidious software. Others say
the peer pressure will keep each organization on its toes, helping the cause.
"To many of us, it is completely baffling why there are so many different
groups out there," said Alex Eckelberry, president of Sunbelt Software, a maker of anti-spyware tools. Sunbelt has
not joined any of the efforts in order to maintain its independence, he said.
According to a Pew Internet & American Life Project study published last
year, roughly 59 million American adults have spyware or adware on their
computers. Other experts have said as many as 80 percent of consumers' PCs are
infected with the annoying software.
Eric Allred, who works at Anti-Spyware Coalition member Microsoft as an
anti-spyware response coordinator, said the existence of several bodies could
make the work of each group less effective. That could hurt their overall goal
of protecting consumers, he said.
But more voices can only help, said David Fewer, a staff counsel at the Canadian Internet Policy and Public Interest Clinic, a
consumer advocacy group in Ottawa associated with the Anti-Spyware Coalition.
"More consumer education is a good thing, especially if these groups have
consistent messaging, which I think they do," he said.
Each of the four groups appears to be dedicated to a distinct purpose, said
Tori Case, director of security management at Computer Associates International. Though the goals of each
group sometimes overlap, that spread should help stop them stepping on each
other's toes.
"That provides focus," she said. "You risk losing focus and (having) conflict
of interest in a large organization."
Who's doing what
The Anti-Spyware
Coalition only got going in June last year, but is still the oldest group
dealing with adware and spyware. It is focusing on coming up with a definition
of spyware, to help draw a line between legitimate adware and intrusive
downloads. In January, it published
guidelines for identifying and combating spyware. It also issued tips for
makers of anti-spyware tools to help them deal with companies that complain
their software has been inappropriately flagged.
The formation of the group came just months after the collapse
of the Consortium of Anti-Spyware Technology vendors, or Coast, which had
many of the same goals. Coast fell apart after it allowed a company
suspected of making adware to join, a decision that prompted the departure
of several key members.
In November, the Trusted Download Program made its debut. The stated aim of the
organization is to certify software downloads that are friendly and noninvasive. The program is run by
privacy watchdog Truste and backed by America Online, Yahoo, CNET Networks,
Verizon and Computer Associates. (CNET Networks is the parent of CNET News.com.)
The Trusted Download Program is creating a list of approved applications,
which may in fact still display advertising. To be certified, makers of the
software have to clearly communicate what their product does. The consumer has
to consent to a software download before it begins, and then click again before
the installation starts.
Critics have expressed doubts about the Trusted Download Program, saying that
it may
legitimize adware. They contend that some makers of disputed software may be
able to gain certification and use that to expand their distribution.
StopBadware.org is taking the opposite approach. It plans to publish
a blacklist of offending software and publicly shame the companies that
create such applications. The initiative is run by Harvard University and Oxford
University with backing from Google, Sun Microsystems and Lenovo.
On the StopBadware.org Web site, Internet users will be able to check
if a piece of software is invasive and alert others to annoying programs they
have encountered. The group is trying to tap into the experience of ordinary
Internet users, and encourages people to share horror stories and technical
reports. It plans to craft its own definitions for this kind of malicious
software--a goal that overlaps somewhat with that of the Anti-Spyware Coalition.
"What is spyware? It is not a settled question," said Luis Villa, senior
technologist at the Berkman Center for Internet & Society at Harvard Law
School. Villa works on the StopBadware.org site. "It is not entirely clear that
all the options out there are providing clear standards," he added.
Another area of development is spyware testing guidelines--both StopBadware
and Spywaretesting.org have pledged to come up with these.
Spywaretesting.org is an initiative launched last month by antivirus companies McAfee, Symantec and Trend Micro, along
with ICSA Labs and Thompson Cyber Security Labs. It plans to draft standards for
spyware samples in addition to testing. All the companies involved, except for
Thompson, are also members of the Anti-Spyware Coalition.
Though now separate, the groups may one day come together. Villa of
StopBadware pointed out that any competition between the groups is friendly, and
others noted that the efforts are still in an early, pioneering phase. Truste,
which runs the Trusted Download Program, also appears to expect consolidation.
"I think they could all be complementary and get together over time," said
Fran Maier, executive director of Truste.
There was some talk of this at the Washington event. Some attendees
speculated that the Spywaretesting.org group might become part of the
Anti-Spyware Coalition. In addition, a scheduled Friday meeting to discuss
Spywaretesting.org's work spurred others into predicting that the organization
might pick up more allies.
"Spywaretesting.org has been predominantly driven out of the antivirus
industry," Eschelbeck said. "They probably have a need to involve the
anti-spyware vendors as well. We're ready."