Spyware and Adware Guidelines Released
Posted by Peter Mucklestone and Stuart Louie
The Anti-Spyware Coalition, a collection of anti-spyware vendors and consumer groups, recently released guidelines for public comment to help consumers assess products designed to defend against spyware and adware — unwanted programs that can “bombard [the user] with pop-up ads and drain [a PC’s] processing power to the point of rendering [the computer] unusable.”
With the proliferation of spyware and adware over the internet, internet users have increasingly become more cautious about visiting websites which could infect their PCs with these unwanted programs. Similarly, many internet users have also stopped using file-sharing software which can act as a conduit to disseminate spyware and adware. According to the Pew Internet and American Life Project, nearly 43% of all internet users have had their PCs infected with spyware and/or adware. Moreover, it is likely that the percentage of internet users exposed to spyware and adware will increase as broadband — generally believed to be the technology more at risk to such unwanted programs — becomes the industry standard.
The guidelines promulgated by the Anti-Spyware coalition attempt to assign risk levels to various actions performed by spyware and adware programs. For example, (i) spyware or adware that installs one or more programs without a user’s permission or knowledge, interferes with competing programs, intercepts email or instant-messenger conversations or displays ads without identifying the program that generated them, is considered high risk; (ii) spyware or adware that changes a browser’s homepage or search engine settings is considered medium risk; and (iii) spyware or adware that uses cookies to collect information is considered low risk. Despite the categorization of actions by risk level, the guidelines continue to warn internet users that “all behaviors can be problematic if unauthorized.”
The guidelines also attempt to draft uniform definitions for “spyware” and “adware.” As an interesting aside, by classifying “adware” under the term “Spyware and Other Potentially Unwanted Technologies,” the Anti-Spyware Coalition avoided taking any position on the issue regarding whether adware is a form of spyware — a key determination in lawsuits between adware developers and anti-spyware vendors.
By better defining the landscape of spyware and adware programs and educating consumers about such programs, the Anti-Spyware Coalition hopes that the guidelines will encourage the development of industry “best practices” for developers of adware and other programs to avoid being flagged by anti-spyware vendors.
The period for commenting on the guidelines prepared by the Anti-Spyware Coalition ends on November 27, 2005.