Tech Giants Team to Fight Spyware

March 8, 2008 – 4:12 PM

The Anti-Spyware Coalition (ASC), a group of IT companies and public interest groups, is hoping to succeed where a previous vendor organization failed in tackling the global problem of spyware. The ASC released an agreed-upon draft definition of spyware this week that it hopes will promote public comment and ultimately result in users becoming better educated about the dangers of spyware.

The Consortium of Anti-Spyware Technology Vendors (Coast), initially drawn from the security software vendor community, fell apart in February after a failed 16-month effort to coordinate its members’ conflicting goals and an ongoing debate over admitting companies that created spyware. The ASC, convened by the Center for Democracy and Technology, has a much wider membership than Coast.

ASC member include the likes of America Online, Computer Associates International, Hewlett-Packard, Microsoft, and Yahoo, along with McAfee, Symantec, and Trend Micro, and anti-spyware specialist vendors Aluria Software and Webroot Software. The organization also numbers the Canadian Internet Policy and Public Interest Clinic, the Cyber Security Industry Alliance, and The University of California Berkeley’s Samuelson Law, Technology, & Public Policy Clinic among its members.

The ASC was formed in early April, after a number of companies approached the Center for Democracy and Technology about forming a group to combat spyware. The organization’s Web site went live this week.

Ari Schwartz, associate director of the Center for Democracy and Technology, has been heading up the ASC’s work. He says that the new anti-spyware consortium had learned from Coast’s experience. “The main difference between us and Coast is that we’re trying to help anti-spyware companies communicate better together and with consumers,” Schwartz says. “Coast was more about communication between anti-spyware companies and software publishers.”

Cause for Concern

One fear the ASC has is the potential harm spyware could be having on consumers’ Internet behavior, Schwartz says, as indicated by last week’s Pew Internet & American Life Project survey. The study revealed that 91 percent of Internet users polled have changed their behavior online to try and avoid being attacked by spyware and other unwanted technologies.

Spyware isn’t only plaguing consumers. “What we’re hearing from companies is that spyware is starting to become a bigger enterprise problem,” Schwartz says, pointing to the recent multimillion dollar contract for anti-spyware technology issued by the U.S. Department of Defense.

“We’d like to see more enforcement actions,” Schwartz says, adding that the ASC will hope to improve communications between anti-spyware vendors and law enforcement to track down spyware companies. A commissioner from the U.S. Federal Trade Commission (FTC) attended the ASC’s Washington, D.C., meeting.

The ASC is inviting public comment for the next month on documents it released this week. “We’re just trying to get a foundation down,” Schwartz says. The documents include a list of spyware and other potentially harmful technologies aimed at users, a glossary defining commonly used terms relating to spyware, and safety tips about how to protect against spyware.

There’s also a process laying out how to resolve disputes if a vendor believes its software has been wrongly tagged as spyware. Previously each anti-spyware company worked on developing its own process and spyware companies would try to play off one antispyware company against another using their various dispute processes, according to Schwartz. “We’re leveling the playing field so that anti-spyware companies spend less time talking about the [vendor dispute] process and more time on how to tackle spyware,” he says.

Spyware can be defined two ways, according to the ASC. “In its narrow sense, spyware is a term for tracking software deployed without adequate notice, consent or control for the user,” the organization states in its glossary. However spyware is also used as an umbrella term encompassing not only its narrow definition, but also other “potentially unwanted technologies,” the ASC adds, including harmful adware, unauthorized dialers, rootkits, and hacker tools.

In its anti-spyware safety tips document, the ASC has six major recommendations for users to defend themselves against spyware. The organization suggests that users keep the security on their computers up to date; only download programs from Web sites they trust; familiarize themselves with the fine print attached to any downloadable software; avoid being tricked into clicking dialog boxes; beware of so-called “free” programs; and use anti-spyware, antivirus, and firewall software.

Come August 12, ASC will review and respond to all the comments it has received, Schwartz says. The organization will then meet toward the end of August and produce a final document. “The next step is do risk modeling, help companies make decisions about what they flag as spyware, what’s their objective criteria for flagging, and work on best practices,” Schwartz says.

http://www.pcworld.com/news/article/0,aid,121810,tk,dn071305X,00.asp