[ISN] Anti-spyware guidelines get final version

InfoSec News isn at c4i.org
Fri Jan 13 05:19:41 EST 2006


http://news.com.com/Anti-spyware+guidelines+get+final+version/2100-7349_3-6026632.html

By Alorie Gilbert
Jan. 12, 2006

A coalition of software companies have agreed on standard methods for
identifying and combating spyware, those unwelcome downloads that have
plagued Internet users with pop-up ads and other annoyances.

The Anti-Spyware Coalition, whose members include Microsoft, Symantec,
Computer Associates, McAfee, AOL and Yahoo, said on Thursday that it
has finalized its spyware detection guidelines. The final version
takes into account public comments on a proposed version introduced in
October.

Spyware and adware have become widely despised for their sneaky
distribution tactics, unauthorized data gathering and tying-up of
computer processing power. Although adware makers say there are
legitimate uses for their programs, an entire anti-spyware market has
been spawned to combat the stuff.

The Anti-Spyware Coalition's guidelines, or risk model description,
aim to provide a common way to classify spyware, based on risks a
piece of software poses to consumers. They also suggest ways to handle
software, based on those risk levels.

Among the behaviors the group considers high-risk are programs that
replicate themselves via mass e-mails, worms and viruses. Also,
programs that install themselves without a user's permission or
knowledge, via a security exploit, are also deemed high-risk, as are
programs that intercept e-mail or instant messages without user
consent, transmit personally identifiable data, or change security
settings.

The coalition hopes the final guidelines, which have changed little
from the proposed version, will lead to better anti-spyware products.
To that end, Cybertrust, through its ICSA Labs unit, is planning to
certify products that meet the guidelines. Consumers should see the
first products with its anti-spyware seal of approval within the next
few months, the IT security and risk management company said.

The guidelines should also make it clearer when companies cross the
line of what's acceptable and legal and what's not when it comes to
downloads, as Sony BMG did recently with its "rootkit" programs, said
Ari Schwartz, a spokesman for the Anti-Spyware Coalition. Sony
recently settled a class-action lawsuit over copy-restriction software
hidden on customers' computers using a rootkit, which opened those PCs
up to attack. The company also recalled the CDs after a public uproar.

Yet attempts to define spyware, create guidelines and certify products
are controversial. Critics fear guidelines will legitimize spyware and
enable distributors to dodge blocking tools while continuing bad
behaviors.

The Anti-Spyware Coalition group plans to conduct a public workshop on
Feb. 9 in Washington, D.C., and is currently working on tips for
consumers, including teens and parents, and businesses, Schwartz said.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.





More information about the ISN mailing list