The Anti-Spyware Coalition (ASC), an alliance of I.T. firms and public-interest groups, has finalized its definition of spyware, which will serve as the foundation for the group's ongoing efforts to combat the growing Internet threat.
The first of those efforts is a "risk modeling" document that outlines the objective criteria antispyware vendors use to determine whether to identify a piece of software as spyware.
The document provides technical details about behaviors that make certain technologies risky, helps users better understand how the products that protect their computers work, and offers guidelines for security companies.
The ultimate objective is to create industry-wide best practices in fighting the spyware onslaught. To that end, the risk-modeling document is open for public comment until the end of November on the ASC Web site.
As Internet users struggle to maintain control over their computers, many find themselves in a cyclical battle against software that installs itself surreptitiously, opens security holes, and reinstalls itself after being deleted.
According to the ASC, the worst of these programs enable Internet criminals to obtain sensitive personal information through keylogging, while other spyware can be used to deliver Internet worms or launch denial-of-service attacks.
"The alliance wants to eliminate the confusion regarding spyware and other types of malware," said Graham Cluley, senior technology consultant at Sophos, whose company is a member of the group. One issue to address is pop-up ads, which most people assume is spyware but typically is not, he said.
Definition of Terms
"Adware is here to stay, and most of it is legitimate, but it has to be monitored and we need to develop a consensus throughout the industry on best practices for online advertising," said Cluley.
Spyware is becoming increasingly sophisticated, he noted, with practitioners installing worms without any action by the user and enticing people to visit Web sites that can exploit a browser vulnerability.
Computer and software makers are addressing the issue, and a growing antispyware industry has created an array of tools to help consumers identify and purge their computers of unwanted technology. "We need to understand the threats and raise awareness of what can be done to combat spyware," Cluley said.
This week the ASC has provided a formal definition of spyware, a glossary that offers clear definitions for terms commonly used in discussions about spyware, and a set of common industry guidelines that outlines the steps antispyware companies should take in responding to complaints from software vendors who contend that their products have been improperly flagged as spyware.