Slashdot Mirror


Anti-Spyware Guidelines Get Final Version

Ant wrote to mention a C|Net article reporting an agreement by The Anti-Spyware Coalition on some standard methods for identifying and combating spyware. From the article: "The Anti-Spyware Coalition, whose members include Microsoft, Symantec, Computer Associates, McAfee, AOL and Yahoo, said on Thursday that it has finalized its spyware detection guidelines. The final version takes into account public comments on a proposed version introduced in October ... The Anti-Spyware Coalition's guidelines, or risk model description, aim to provide a common way to classify spyware, based on risks a piece of software poses to consumers. They also suggest ways to handle software, based on those risk levels."


  1. Coalition for Teflon by pieterh · · Score: 4, Insightful

    "Any software that does things we don't like, and which you have not paid us to 'certify'".

    Many of these vendors have implicitly collaborated with spyware vendors in the past, for commercial gain, and anything they say must be taken with a large pinch of salt. This is an attempt to create some teflon in view of more aggressive anti-spyware legislation.

  2. Important work! by hoggoth · · Score: 4, Insightful

    This is very important work, because as soon as there is an 'official' set of methods for detecting spyware, the spyware authors can get to business writing spyware that avoids detection by the official methods. I'm sure spyware authors are very excited for this document.

    Then, of course, the anti-spyware consortium will have to address these new vectors and issue an updated set of anti-spyware methods. Which will, of course, spur the spyware authors to come up with new, undetectable methods. And so on...

    I'm so glad this consortium is coming up with an official list of methods to detect spyware, because once they do everything will be totally different than it is now. Kinda.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
    1. Re:Important work! by drpimp · · Score: 2, Insightful

      "Then, of course, the anti-spyware consortium will have to address these new vectors and issue an updated set of anti-spyware methods. Which will, of course, spur the spyware authors to come up with new, undetectable methods. And so on..."

      I concur, spyware/malware and viruses even are similar to an arms race. Bigger and better for both sides will continue to be the ongoing process to which the endless and vicious cycle will endure. Who usually wins this race? In most cases it's all about the more people and more $$$$ a side has, now to say which side will have more and if that will matter for this scenario, remains to be seen.

      --
      -- Brought to you by Carl's JR
  3. No it's not a joke by Tezkah · · Score: 3, Insightful
    Anti-Spyware Coalition, whose members include Microsoft, Symantec...

    This is a joke, right?


    Now if Sony and Claria were involved, then we would have a REAL anti-spyware coalition. You should write them a letter, as the people who know most about spyware should be involved in defining it. Well, you can probably leave Sony out, as they already have Symantec, which is also a company that installs rootkits on people's computers.

    Norton Antivirus 2006: Pay for malware that you can get for free!
  4. Let me guess... by ErikTheRed · · Score: 5, Insightful

    Since the guidelines themselves aren't enumerated in TFA, I'm going to hazard a guess and say that "unremovable software installed without your permission that modifies the way your computer works and spies on you is bad if it's installed by a corporation with a net income of less than nine figures, but it's ok if it's installed by a corporation with a net income of nine figures or more, because they know more about your computer than you do, they know what's best for their customers, and they need to protect their 1920's-style business model."

    --

    Help save the critically endangered Blue Iguana
  5. One for the, uhhhh.... by s31523 · · Score: 2, Insightful

    ... good guys, or bad guys? If the guidelines for detecting spyware are published and agreed upon, won't the spyware jockeys use them to their advantage, like a slick tax accountant snaking through tax law holes?

  6. It is an interesting idea... by gallwapa · · Score: 4, Insightful

    ...that we even have to deal with spyware. I understand the need for user convenience, but, I would reckon that it is highly INCONVENIENT to have your system open enough to get spyware. As I've said on many posts, I don't *get* spyware, or viri, or anything else. And I'm not an anal Linux zealot who would like to see Gates assassinated because Windows does or does not do this or that. Windows is what it is - but I use Windows, at work, and at home - yet I fail to get spyware with simple configuration. When is the last time spyware was able to execute using Firefox with NoScript (whitelisted JavaScript), reading the EULAs [aka don't download 5,500 'free' games] and not installing kazaa [aka ream my computer please]? The fact of the matter is spyware is a _user_ problem. If _users_ continue to click "next next next" and don't understand what they are installing, spyware will be a major part of the future. Eventually, though, the old and illiterate will die out and the technology generation will understand (hopefully) enough to read and comprehend.

    1. Re:It is an interesting idea... by evilviper · · Score: 3, Insightful
      "The fact of the matter is spyware is a _user_ problem. If _users_ continue to click "next next next" and don't understand what they are installing, spyware will be a major part of the future."

      Nope and nope.

      Spyware does silently install itself thanks to Internet Explorer vulnerabilities, without the users clicking anything.

      Even on my Windows test system, which I barely use, I've found myself to end up with spyware... There are several programs out there that include spyware, but do not make any mention of it in their EULA. And once you get one spyware program installed, it will likely download and install others on its own.

      Spyware cannot be prevented, even by the eternally vigilant, unless you have practically nothing installed on your computer. Sure, the people with 40 different "search bars" are probably not reading the EULAs, but even in that case, antivirus programs should remove it. Just because it's vaguely mentioned in an EULA doesn't make viruses legal.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  7. Surprised... by toupsie · · Score: 2, Insightful

    Why isn't Apple a member of this coalition? They are a major OS provider on the Intel platform.

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
  8. Standards -- just what we DON'T need here by thePowerOfGrayskull · · Score: 2, Insightful

    Then again, I'm sure the spyware authors would love to have a reference document, detailing how not to get caught.

  9. This is a bunch of band-aids.. READ: Stupid by brxndxn · · Score: 3, Insightful

    People are going about this whole 'fix the rampant spyware craze' the wrong way, IMO.

    First of all, why doesn't anyone ask why this spyware exists?
        Let's try answering that.. Microsoft, in their infinite wisdom, decided to give developers more and more control over a user's computer system over the years. This means that even websites can now install software, disable right-clicks, open larger than the actual desktop screen, hide the close button, pop up alerts with a 'click to install' button underneath, etc.
        Also, by default, Internet Explorer and Windows XP are both very insecure. Internet Explorer allows a developer to completely compromise a system with one stray click - since XP defaults to running in administrator mode. Vista, I heard, is going to fix this problem - it's about fucking time.

    Why should a typical user have to learn how to remove software on his own?
        He shouldn't be required to do this.

    Who is to blame?
        Microsoft - NOT stupid users. There will always be stupid users and Windows is supposed to be made for stupid users.

    How can Microsoft fix the spyware problem?
        - Patch quickly and often when holes are found.
        - Disable install on demand and any other intrusive ability by the developer to annoy or confuse the user in Internet Explorer.
        - Require actual acknowledgement (ie.. type admin password) when a program attempts to install. Also, alert the user (and give option to disable) whenever a software program attempts to stick itself in memory or startup, modify any files NOT in the program directory, or change the settings of other programs.
        - Do NOT allow the Windows uninstallation interface to be forced to 'rely' on the installed software. Instead, have a built-in install recorder and prompt the user if the program does not uninstall itself properly. (ie: "c:\windows\system 32\spyware.exe" has not been removed when SuperDuperSpywareRemoveproSunshineFucktheUser was uninstalled. Would you like to remove it?)

    What should the other companies (besides Microsoft) do to promote fixing the spyware problem?
        - Finish this tutorial
        - SUE MICROSOFT for allowing such irresponsible open access by default in their monopoly OS.

    What are some generalizations that Microsoft needs to change?
        - The fucking USER owns the computer; the USER should be in control - not developers.
        - Security and stability are paramount. Make things secure by default (like Linux).
        - Quit letting every goddamn piece of software install itself in startup, a shortcut in every folder on the computer, and copy files to crucial system directories.
        - Promote the idea that any program should be able to run completely from the directory in which it is installed, which is controlled by the USER.

    BTW, Microsoft, if you decide to use my advice, please send me a $check.

    Seriously.. Windows XP is like if a car company decided to make locks on their cars an option and charge out the ass for it. Oh ya.. and the cars would be controlled ultimately by the corporations.. so if you intended to go to Burger King, your car would drive you to McDonald's instead.

    --
    --- We need more Ron Paul!
  10. serial number generator == spyware??? by mephinet · · Score: 4, Insightful
    The risk model seems like a good idea to me, summing up what we generally consider as ad- or spyware.
    One point makes me wonder, though:
    • Program generates serial numbers/registration keys. Medium

    What has s/n generation to do with spyware? It does not reduce the system's security, does not reveal private data, and is probably installed on the machine because the user wants to generate a serial number!
    Looks a bit as if the companies in the coalition are having trouble in keeping apart the PC owner's goals with their own...
    --
    Use the source, Luke!