TELECOM Digest OnLine - Sorted: Can't Trust Spyware Protection?


Can't Trust Spyware Protection?


Andrew Brandt (tech-tuesday@telecom-digest.org)
Wed, 28 Sep 2005 22:10:44 -0500

by Andrew Brandt

The next time you run a scan with your anti-spyware tool, it might
miss some programs. Some adware companies, arguing that their software
is benign, have petitioned anti-spyware firms to stop warning
consumers about their software. Other companies have resorted to
sending cease-and-desist letters that threaten legal action.

In the past year, at least two anti-spyware firms' products
temporarily stopped detecting certain kinds of adware -- a process
called delisting. Last year, Lavasoft (maker of Ad-Aware) delisted
advertising software WhenU from its detection database. Lavasoft said
the delisting happened as the result of an employee error, and the
company quickly added WhenU back to Ad-Aware's detection list.

Computer Associates, which makes the PestPatrol anti-spyware tool,
temporarily delisted adware made by Claria after Claria asked to have
its software reevaluated, but Computer Associates later restored
detection of Claria to PestPatrol.

In most cases, it's difficult for customers to determine whether their
anti-spyware tool has delisted anything and, if so, which adware it
skips.

"When a spyware program gets delisted, users won't be aware of its
presence," says Harvard law student and spyware researcher Ben
Edelman. The practice, he says, "offers spyware makers a new lease on
life, letting them keep users who otherwise would have removed their
software."

Degrees of Spyware

Of course, some spyware apps are worse than others. One spyware
program may make severe changes to your computer's settings, while
another merely displays ads.

Claria and WhenU are making the case that their adware programs don't
resort to illegal tactics, such as exploiting security holes, to
install themselves. And though this software can be annoying, adware
developers argue that merely being listed in an anti-spyware scanner's
database tarnishes a company's reputation by linking its relatively
benign adware application with far more harmful and intrusive spyware
programs.

According to Avi Naider of WhenU, though some other adware companies
will track your Web meanderings and sell that data, WhenU's privacy
policy doesn't permit it to track the search queries that users type
or the Web pages that they browse.

Each anti-spyware firm uses its own set of criteria to decide whether
to remove or detect a file or Registry key related to spyware. Usually
even a few bad behaviors suffice to red-tag a file as spyware or
adware.

One company, Aluria Software, is taking a middle road when dealing
with some software that serves advertising. The company, which makes
an anti-spyware product called Spyware Eliminator, last year gave
WhenU's SaveNow toolbar its "Spyware Safe Certification," and now
categorizes WhenU's program as consumerware instead of spyware within
Spyware Eliminator. Aluria defines consumerware as "useful
applications, often given away free, [which] provide value to the end
user, pose no spyware risk, and are easily and completely removed" via
the Add or Remove Programs control panel. Spyware Eliminator still
gives users the option of automatically removing SaveNow if they
choose.

Aluria publishes a list of 26 criteria software must meet to be
declared Spyware Safe. Other software publishers disagree with that
approach. Peter Mackow of PCTools, maker of the Spyware Doctor
anti-spyware program, says that his company won't publish the entire
list of its criteria for fear that spyware companies will use the
information to design a spyware application that skirts every
rule. Many others who fight spyware share that position.

"The spyware guys want a really rigid set of rules defining spyware so
they can then make an end run around [all of them]," says Eric
L. Howes, who tracks the spyware business for Spywarewarrior.com and
consults for anti-spyware software companies.

Experts recommend that you employ two -- or even three -- anti-spyware
tools. The more you use, the likelier they are to counter the individ-
ual biases of each anti-spyware company.

To Delist or Not

It's unfair to permanently blacklist a company based on its past
behavior, so some delisting is inevitable. But delisting an adware
application is a dangerous proposition for anti-spyware developers. In
the past, some spyware and adware makers have changed their software
enough to get delisted, only to resume the activity that got them
flagged in the first place.

As a result, the anti-spyware industry has developed a thick skin.
Delisting is rare because, Edelman says, anti-spyware firms "stand up
to strongly worded demand letters."

Adware companies also decry the word spyware itself as inherently
negative, so some anti-spyware firms have tried to create terms that
mean essentially the same thing, using more-neutral language:
"grayware," "potentially unwanted programs," or "potentially unwanted
software." But Webroot CEO David Moll argues that matters could get
more confusing if the anti-spyware companies try to refer to spyware
by other names, just when many people are beginning to understand what
spyware can do.

Andrew Brandt is a PC World senior associate editor and author of the
monthly Privacy Watch column.

Copyright 2005 Yahoo! Inc. and Tech Tuesday

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Monty Solomon: "Who Will Control Mobile Entertainment?"
Go to Previous message: Sinead Carew: "Top US Service Cingular to Sell Nokia E-Mail Phone"
Next in thread: hancock4@bbs.cpcn.com: "Re: Can't Trust Spyware Protection?"
May be reply: hancock4@bbs.cpcn.com: "Re: Can't Trust Spyware Protection?"
May be reply: George Berger: "Re: Can't Trust Spyware Protection?"
May be reply: beavis: "Re: Can't Trust Spyware Protection?"
TELECOM Digest: Home Page