What is spyware? Industry group has an answer.

The Anti-Spyware Coalition has released a set of guidelines to help vendors determine what should be blocked and what maybe is allowed.

It isn't always easy to distinguish safe programs from spyware, but an industry group is trying to make the process easier.

The Anti-Spyware Coalition, a group of more than two dozen technology vendors and interest groups, late last week unveiled a set of guidelines to help antispyware vendors determine what should be flagged as spyware.

The coalition, led by the It industry's Center for Democracy and Technology and includes vendors such as McAfee Inc., Microsoft, Sophos plc, Symantec Corp., Trend Micro Inc. and others, defines spyware as technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

  • Material changes that affect their user experience, privacy or system security;
  • Use of their system resources, including what programs are installed on their computers; and/or
  • Collection, use, and distribution of their personal or other sensitive information.

    Graham Cluley, senior technology consultant for UK-based security vendor Sophos, said it's often difficult for vendors and systems administrators to know where to draw the line on unwanted spyware, and how to distinguish it from acceptable adware.

    "This makes it easier for the security vendors to determine what they should detect and what they shouldn't," Cluley said. "Incorporating these guidelines is going to make their products easier to use and will benefit the consumer."

    More on spyware

    Check out our special report on spyware: In the Eye of the Beholder

    Visit our topics page on spyware, adware and Trojans

    The coalition's spyware definition notes the complexity involved, since some technologies that have been linked to spyware -- such as tracking software that supports unauthorized key logging, or remote-control software that can open the door for botnets and "droneware" -- can be beneficial when used with the proper notice, consent, and control.

    "Underlying technology typically becomes unwanted when it is implemented in a way that provides no benefit to -- or actively harms -- authorized users," according to the Anti-Spyware Coalition's definition.

    The organization crafted the guidelines with help from nearly 400 comments from individuals and organizations. Though not every antispyware vendor participated, Cluley said this release will encourage more companies to get involved with the group and make use of its information.

    Additionally, the group released a public draft of a risk modeling document that offers vendors a broad set of behaviors to use when classifying spyware.

    The Anti-Spyware Coalition hopes it will serve as a catalyst to encourage vendors to share information on how they determine what is and isn't spyware. It will accept public comment on the risk modeling document through Nov. 27. This effort is expected to set the stage for set of consumer best practices to be published in the near future.

    This article originally appeared on SearchSecurity.com.

  • Dig deeper on Network intrusion detection and prevention and malware removal

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchVirtualDesktop

    SearchWindowsServer

    SearchExchange

    Close