Slashdot Mirror


Anti-Spyware Guidelines Get Final Version

Ant wrote to mention a C|Net article reporting an agreement by The Anti-Spyware Coalition on some standard methods for identifying and combating spyware. From the article: "The Anti-Spyware Coalition, whose members include Microsoft, Symantec, Computer Associates, McAfee, AOL and Yahoo, said on Thursday that it has finalized its spyware detection guidelines. The final version takes into account public comments on a proposed version introduced in October ... The Anti-Spyware Coalition's guidelines, or risk model description, aim to provide a common way to classify spyware, based on risks a piece of software poses to consumers. They also suggest ways to handle software, based on those risk levels."

25 of 104 comments

  1. Why aren't others involved. by jellomizer · · Score: 3, Funny

    Oh yeah, they make secure products.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Why aren't others involved. by grcumb · · Score: 2, Interesting

      I came to the conclusion that this organisation is nothing more than a marketing arm of the corporations involved when I read their list of recommendations. If this body had any conscience whatsoever, the first item on the list would be:

      • Use safe software. Some operating systems and software applications are more susceptible to spyware than others. Be sure to verify that any software you run on your computer lives up to the highest security standards.

      Afterward, if the member corporations feel that they can make the case for their safety, more power to them. But to ignore this fundamental step is disingenuous and arguably deceptive.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
  2. missing member? by BushCheney08 · · Score: 2, Funny

    Shouldn't Sony be included in the coalition?

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  3. Coalition for Teflon by pieterh · · Score: 4, Insightful

    "Any software that does things we don't like, and which you have not paid us to 'certify'".

    Many of these vendors have implicitly collaborated with spyware vendors in the past, for commercial gain, and anything they say must be taken with a large pinch of salt. This is an attempt to create some teflon in view of more aggressive anti-spyware legislation.

  4. What is Spyware? by digitaldc · · Score: 2, Interesting

    I would say it is a hidden program that transmits your personal data that you neither want nor need, yet the company who makes it wants it to secretly further their own interests and profit.

    'Don't be evil' would apply here.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  5. Important work! by hoggoth · · Score: 4, Insightful

    This is very important work, because as soon as there is an 'official' set of methods for detecting spyware, the spyware authors can get to business writing spyware that avoids detection by the official methods. I'm sure spyware authors are very excited for this document.

    Then, of course, the anti-spyware consortium will have to address these new vectors and issue an updated set of anti-spyware methods. Which will, of course, spur the spyware authors to come up with new, undetectable methods. And so on...

    I'm so glad this consortium is coming up with an official list of methods to detect spyware, because once they do everything will be totally different than it is now. Kinda.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)
    1. Re:Important work! by drpimp · · Score: 2, Insightful

      "Then, of course, the anti-spyware consortium will have to address these new vectors and issue an updated set of anti-spyware methods. Which will, of course, spur the spyware authors to come up with new, undetectable methods. And so on..."

      I concur, spyware/malware and viruses even are similar to an arms race. Bigger and better for both sides will continue to be the ongoing process to which the endless and vicious cycle will endure. Who usually wins this race? In most cases it's all about the more people and more $$$$ a side has, now to say which side will have more and if that will matter for this scenario, remains to be seen.

      --
      -- Brought to you by Carl's JR
    2. Re:Important work! by hobbesx · · Score: 2, Informative

      I believe that 'classification' in this case is being used in the sense of sorting and labeling by property, rather than detect and identify.

      --
      This rating is Unfair ( ) ( ) Fair (*) Funny
      Sigh... If only. Modding would be so much more fun.
    3. Re:Important work! by HiThere · · Score: 2, Interesting

      In a literal arms-race, you are correct. The wealthier, more committed side will usually win, but things are slightly different if you consider the virus-immune system combat. The viruses can't win, because that would kill off their prey, but the prey can't defeat the viruses because ... well, because they can't. Evolution provides viruses with such a comprehensive ability to search vulnerability space that they can't be defeated without removing all vulnerabilities, and no organism has been able to do that. One could argue that the larger organisms are wealthier (they control more calories and more minerals), but they still can't eliminate all vulnerabilities.

      Virus authors may need to turn to evolutionary algorithms to create new versions...but there's nothing inherently difficult, or even implausible, about that. It's not something that you'd do in your spare time, but it's not breaking new ground, either. Alternatively, they could start allowing the viruses that they create to have a mutation rate (and simultaneously be more prolific). This could be quite dangerous, but people searching for economic advantage aren't known for being wise and weighing the delayed costs of their actions.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    4. Re:Important work! by FreakyLefty · · Score: 2, Funny

      Yes, because we can only fight spyware when nobody knows what it is...

      --
      Strength through redundancy and over-design
  6. No its not a joke by Tezkah · · Score: 3, Insightful
    Anti-Spyware Coalition, whose members include Microsoft, Symantec...

    This is a joke, right?


    Now if Sony and Claria were involved, then we would have a REAL anti-spyware coalition. You should write them a letter, as the people who know most about spyware should be involved in defining it. Well, you can probably leave Sony out, as they already have Symantec, which is also a company that installs rootkits on people's computers.

    Norton Antivirus 2006: Pay for malware that you can get for free!
    1. Re:No its not a joke by Anonymous Coward · · Score: 5, Interesting

      The very fact that Symantec is in the group means they are just a sham. Symantec's Norton Antivirus classifies Spybot S&D as a virus (HUH?). Then, when they were forced to admit it wasn't, the excuse became "Norton Ghost won't work if Spybot S&D is installed" (HUH?). Just the usual tactic to push competitors (especially free competitors) out of the market.

    2. Re:No its not a joke by Afrosheen · · Score: 3, Informative

      I wonder what versions of NAV do this. I've used both versions 8 and 10 of NAV Corporate on many machines and have never once seen NAV identify Spybot S&D as spyware, malware, or anything else. It even skips past Ardamax Keylogger.

  7. Let me guess... by ErikTheRed · · Score: 5, Insightful

    Since the guidelines themselves aren't enumerated in TFA, I'm going to hazard a guess and say that "unremovable software installed without your permission that modifies the way your computer works and spies on you is bad if it's installed by a corporation with a net income of less than nine figures, but it's ok if it's installed by a corporation with a net income of nine figures or more, because they know more about your computer than you do, they know what's best for their customers, and they need to protect their 1920's-style business model."

    --

    Help save the critically endangered Blue Iguana
  8. I guess now we just have to wait.... by revery · · Score: 3, Funny

    ...agreement by The Anti-Spyware Coalition on some standard methods for identifying and combating spyware. From the article: "The Anti-Spyware Coalition, whose members include Microsoft, Symantec, Computer Associates, McAfee, AOL and Yahoo, said on Thursday that it has finalized its spyware detection guidelines.

    I guess now we just have to wait for the Spyware Coalition to agree to the demands that they write spyware to these specifications...

  9. One for the, uhhhh.... by s31523 · · Score: 2, Insightful

    ... good guys, or bad guys? If the guidelines for detecting spyware are published and agreed upon, won't the spyware jockeys use them to their advantage, like a slick tax accountant snaking through tax law holes?

  10. It is an interesting idea... by gallwapa · · Score: 4, Insightful

    ...that we even have to deal with spyware. I understand the need for user convenience, but, I would reckon that it is highly INCONVENIENT to have your system open enough to get spyware. As I've said on many posts, I don't *get* spyware, or viri, or anything else. And I'm not an anal Linux zealot who would like to see Gates assassinated because Windows does or does not do this or that. Windows is what it is - but I use Windows, at work, and at home - yet I fail to get spyware with simple configuration. When is the last time spyware was able to execute using Firefox with NoScript (whitelisted JavaScript), reading the EULAs [aka don't download 5,500 'free' games] and not installing kazaa [aka ream my computer please]? The fact of the matter is spyware is a _user_ problem. If _users_ continue to click "next next next" and don't understand what they are installing, spyware will be a major part of the future. Eventually, though, the old and illiterate will die out and the technology generation will understand (hopefully) enough to read and comprehend.

    1. Re:It is an interesting idea... by evilviper · · Score: 3, Insightful
      The fact of the matter is spyware is a _user_ problem. If _users_ continue to click "next next next" and don't understand what they are installing, spyware will be a major part of the future.

      Nope and nope.

      Spyware does silently install itself thanks to Internet Explorer vulnerabilities, without the users clicking anything.

      Even on my Windows test system, which I barely use, I've found myself to end up with spyware... There are several programs out there that include spyware, but do not make any mention of it in their EULA. And once you get one spyware program installed, it will likely download and install others on its own.

      Spyware cannot be prevented, even by the eternally vigilant, unless you have practically nothing installed on your computer. Sure, the people with 40 different "search bars" are probably not reading the EULAs, but even in that case, antivirus programs should remove it. Just because it's vaguely mentioned in an EULA doesn't make viruses legal.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  11. Surprised... by toupsie · · Score: 2, Insightful

    Why isn't Apple a member of this coalition? They are a major OS provider on the Intel platform.

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
  12. Standards -- just what we DON'T need here by thePowerOfGrayskull · · Score: 2, Insightful

    Then again, I'm sure the spyware authors would love to have a reference document, detailing how not to get caught.

  13. This is a bunch of band-aids.. READ: Stupid by brxndxn · · Score: 3, Insightful

    People are going about this whole 'fix the rampant spyware craze' the wrong way, IMO.

    First of all, why doesn't anyone ask why this spyware exists?
        Let's try answering that.. Microsoft, in their infinite wisdom, decided to give developers more and more control over a user's computer system over the years. This means that even websites can now install software, disable right-clicks, open larger than the actual desktop screen, hide the close button, pop up alerts with a 'click to install' button underneath, etc.
        Also, by default, Internet Explorer and Windows XP are both very insecure. Internet Explorer allows a developer to completely compromise a system with one stray click - since XP defaults to running in administrator mode. Vista, I heard, is going to fix this problem - it's about fucking time.

    Why should a typical user have to learn how to remove software on his own?
        He shouldn't be required to do this.

    Who is to blame?
        Microsoft - NOT stupid users. There will always be stupid users and Windows is supposed to be made for stupid users.

    How can Microsoft fix the spyware problem?
        - Patch quickly and often when holes are found.
        - Disable install on demand and any other intrusive ability by the developer to annoy or confuse the user in Internet Explorer.
        - Require actual acknowledgement (ie.. type admin password) when a program attempts to install. Also, alert the user (and give option to disable) whenever a software program attempts to stick itself in memory or startup, modify any files NOT in the program directory, or change the settings of other programs.
        - Do NOT allow the Windows uninstallation interface to be forced to 'rely' on the installed software. Instead, have a built-in install recorder and prompt the user if the program does not uninstall itself properly. (ie: "c:\windows\system 32\spyware.exe" has not been removed when SuperDuperSpywareRemoveproSunshineFucktheUser was uninstalled. Would you like to remove it?)

    What should the other companies (besides Microsoft) do to promote fixing the spyware problem?
        - Finish this tutorial
        - SUE MICROSOFT for allowing such irresponsible open access by default in their monopoly OS.

    What are some generalizations that Microsoft needs to change?
        - The fucking USER owns the computer; the USER should be in control - not developers.
        - Security and stability is paramount. Make things secure by default (like Linux).
        - Quit letting every goddamn piece of software install itself in startup, a shortcut in every folder on the computer, and copy files to crucial system directories.
        - Promote the idea that any program should be able to run completely from the directory in which it is installed, which is controlled by the USER.

    BTW, Microsoft, if you decide to use my advice, please send me a $check.

    Seriously.. Windows XP is like if a car company decided to make locks on their cars an option and charge out the ass for it. Oh ya.. and the cars would be controlled ultimately by the corporations.. so if you intended to go to Burger King, your car would drive you to McDonald's instead.

    --
    --- We need more Ron Paul!
  14. Is spyware still a 'big issue'? by ben_1432 · · Score: 2, Interesting

    Is spyware still a 'big issue' these days?

    I bought a shiny new laptop in September last year. Yesterday I finally downloaded MS AntiSpyware and ran it *for the first time*.

    For the last 4 months or so, I've been casually browsing the internet, downloading at a whim etc, and all I've had between me and 'the bad guys' is:
    - Service Pack 2 which came pre-installed,
    - Symantec AntiVirus,
    - D-Link router.

    In these 4 months I've had
    - no viruses *successfully* installed,
    - no spyware installed,
    - no browser hijacking/adware/whatever.

    I'm using the computer with an Administrator account, and all the update/security settings are what XP recommended the first time I turned it on.

    So I'm out and about browsing all over the web for the last 4 months and nothing's "got me". Who is still being "got" by spyware? The ones with bootleg XP's that can't install SP2?

  15. serial number generator == spyware??? by mephinet · · Score: 4, Insightful
    The risk model seems like a good idea to me, summing up what we generally consider as ad- or spyware.
    One point makes me wonder, though:
    • Program generates serial numbers/registration keys. Medium

    What has s/n generation to do with spyware? It does not reduce the system's security, does not reveal private data, and is probably installed on the machine because the user wants to generate a serial number!
    Looks a bit as if the companies in the coalition are having trouble in keeping apart the PC owner's goals from their own...
    --
    Use the source, Luke!
  16. Full list of Members by Blazeix · · Score: 2, Informative
    From their website, here is a list of members of the AntiSpyware Coalition
    • Aluria, a division of Earthlink
    • AOL
    • Blue Coat Systems
    • Canadian Coalition Against Unsolicited Commercial Email
    • Canadian Internet Policy and Public Interest Clinic
    • Center for Democracy & Technology
    • CNET Download.com
    • Computer Associates
    • Cyber Security Industry Alliance
    • Dell, Inc.
    • Eset
    • F-Secure Corporation
    • Grisoft
    • HP
    • ICSA Labs
    • Internet Education Foundation
    • LANDesk
    • Lavasoft
    • McAfee Inc.
    • Mi5 Networks
    • Microsoft
    • National Center for Victims of Crime
    • National Cyber Security Alliance
    • National Network to End Domestic Violence
    • Panda Software
    • PC Tools
    • Safer-Networking Ltd.
    • Samuelson Law, Technology & Public Policy Clinic at Boalt Hall, UC Berkeley School of Law
    • Sophos
    • SurfControl
    • Symantec
    • Tenebril
    • Trend Micro
    • Webroot Software
    • Websense
    • Yahoo! Inc.
  17. Re:Terrorism by hoggoth · · Score: 2, Informative

    Sheesh. At least SOMEONE got the analogy.

    Moderator: Um... This says terrorism; Um... The article says spyware; Um... Buzzwords don't match; Um... Must be offtopic.

    --
    - For the complete works of Shakespeare: cat /dev/random (may take some time)