Anti-Spyware Coalition calls for debate

The Anti-Spyware Coalition (ASC) has released a public document that offers guidelines for detecting, rating and protecting against unwelcome programs. It also called for a public debate to help build awareness of the problems caused.

The group, whose members include AOL and Microsoft, also provided a definition of spyware and other potentially unwanted technologies as ‘programs deployed without sufficient user consent or that impair user control over any of the following: privacy, system security and user experience; use of their system resources; or collection, use and distribution of personal information.’

The ASC is collecting public comment on the document and plans to release a final version next year. The group said it expects the guidelines to set the stage for ‘best practices’ for the anti-spyware industry.

Richard Hales, country manager, F-Secure, and a member of the coalition, said: “The issue here is that most PC users have little or no idea what is going on beyond the viruses that they have heard about. They need to find the right tools to deal with it.”

But the coalition is having trouble gaining a high profile, partly as a result of reaching a hiatus last March when its members disagreed over the whether firms that create spyware should be allowed to join. Critics have also suggested that defining their technology more clearly will only make it easier for such companies to evade their blocking techniques.

“No, that is not the case,” said F-Secure’s Hales, “those firms are very savvy anyway. This is more about building awareness and debate around the subject.”

Spyware and adware are widely hated for their sneaky distribution methods, unauthorised data gathering, and the eating-up of a PC’s processing power. A typical adware program can sit in the background on a PC and plaster parts of the screen with ads every few seconds.

Although adware makers say there are legitimate uses for their programs, an entire anti-spyware sofware market has been spawned to fix the problems they cause.

ASC members include America Online, Computer Associates International, Hewlett Packard, Microsoft, and Yahoo, along with McAfee, Symantec, and Trend Micro, and anti-spyware specialist vendors Aluria Software and Webroot Software. The organisation also numbers the Canadian Internet Policy and Public Interest Clinic, the Cyber Security Industry Alliance, and The University of California Berkeley’s Samuelson Law, Technology, & Public Policy Clinic among its members.

ASC considers high-risk programs are those that replicate themselves via mass emails, worms, viruses and those that install themselves without a user’s permission or knowledge, via a security exploit, for example.

Other high-risk programs are those that intercept email or instant messages without user consent, transmit personally identifiable data, or change security settings. Using tracking cookies to collect information or running programs automatically without explicit user consent are considered low risk, according the guidelines.