Software Makers Fight Spyware Blacklist, Murky Definition

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

March 11, 2005
Software Makers Fight Spyware Blacklist, Murky Definition

Wary of silent intruders on her personal computer, Joanne Schrock
recently used a free program from America Online to scan for "spyware,"
the annoying software that can secretly track users' movements around
the Internet to do such things as dish up pop-up ads. She quickly
deleted all the programs that AOL identified as spyware.

It wasn't until the next day that Ms. Schrock realized she had erased
an online bowling game that her daughter likes to play. "I just thought
AOL says this is spyware ... and I needed to get it off my computer,"
says the 38-year-old mother of five in Wakarusa, Ind.

To computer users' relief, software that finds and eliminates spyware
is now widely available. But there's a hitch: There is little agreement
on what constitutes spyware, so antispyware software may also wipe out
programs that users want to keep.

Most broadly, spyware is software installed on a PC -- often
surreptitiously -- to gather information, which is relayed to
advertisers or merchants. Some spyware programs effectively hijack a
computer, spewing unwanted pop-up ads, clogging the computer's memory
or redirecting the home page of Internet browsers. More insidious
programs can transmit personal information such as passwords to
identity thieves. Spyware is incredibly widespread; market researcher
IDC estimates that two-thirds of consumer PCs harbor some form of it.

But one person's spyware is someone else's valued tracking tool. So
makers of many programs labeled as spyware now are fighting back
against spyware blacklists.

TrekEight LLC is a small San Marcos, Calif., maker of security
software, including an antispyware program. But TrekEight says its
antispyware program is itself labeled as spyware by a bigger rival,
Symantec Corp. TrekEight sued Symantec in U.S. District Court in
Southern California last July, claiming that the designation led to
"significant loss in sales and damage to its reputation."

TrekEight says Symantec deleted the program from users' computers, but
Symantec says it only flags the suspect software and the user decides
whether to delete it. The case is pending. A Symantec spokesman
declined to comment on the case.

Such disputes are percolating in Washington, where many lawmakers and
regulators want to clamp down on spyware. U.S. Rep. Mary Bono, a
California Republican, this year introduced a measure that would
require clearer disclosures to computer users, and their consent,
before any monitoring program could be installed on their PCs.
Discussion of the bill quickly prompted debates over the definition of
spyware. Ms. Bono recently revised the measure to exempt all "cookies,"
snippets of data stored on hard drives that are widely used by Web
merchants to recognize returning customers.

On Monday, the Federal Trade Commission urged the industry to develop a
common definition of spyware, as part of a report labeling spyware a
"serious and growing problem." Without a solid definition, the
commission warned, legislation or regulations to control spyware might
"inadvertently cover some types of beneficial or benign software."

Joe Davis would agree. Mr. Davis is chief executive of Coremetrics, a
closely held San Mateo, Calif., maker of software that analyzes the
effectiveness of online ad campaigns. Coremetrics' customers include
Williams-Sonoma Inc. and Bank of America Corp. But Mr. Davis says that
his company's program has been mislabeled as spyware by some companies.

The debates over how to define spyware are reminiscent of efforts a few
years ago to regulate spam, or unsolicited e-mail. Congress ultimately
approved a law requiring e-mail marketers to allow recipients to remove
their names from distribution lists, but it is generally viewed as
ineffective in slowing the flood of spam. Instead, antispam efforts
have fallen primarily to large Internet access providers, state
attorneys-general and volunteer programmers who have created their own
lists of spammers.

Likewise, makers of antispyware programs have developed their own lists
of software they consider suspect. Symantec, of Cupertino, Calif.,
defines spyware as any program that can potentially grab private
information. Vincent Weafer, a senior director at the company, says
Symantec's definition tends to be "more inclusive" than others. Mr.
Weafer says Symantec plans a new version of its program that will
identify troublesome software as high, medium, or low risks, to help
users decide whether to delete it.

Robert A. Clyde, Symantec's chief technology officer, says Symantec has
removed some programs from its spyware list after investigating
complaints that the programs were mislabeled. "The vast majority [of
complaints] are handled in an amicable fashion," he says.

Mr. Clyde says he wouldn't mind some help from the government in
defining spyware. "In order to stop it, you have to label it," he says.

America Online, which began offering its free antispyware program last
May, has roughly 400 suspect programs on its list. But complaints from
software vendors included on the list are increasing, says Andrew
Weinstein, a spokesman for the Time Warner Inc. unit. Mr. Weinstein
says AOL's program doesn't automatically delete any programs -- it
simply provides a list to users, who then decide whether to keep or
reject the software.

In at least two cases AOL removed programs from its spyware list:
SideStep Inc., a closely held online travel service that downloads a
program onto users' computers, and market researcher comScore Networks
Inc., which pays Internet users to place its software on their
computers to track their online behavior.

AOL says Ms. Schrock's game requires another program to run and that
program was accidentally included on AOL's recently updated list of
spyware threats. AOL says it has fixed the mistake. AOL doesn't have
any guidelines that software makers can follow to prove that they're
not spyware. Members of AOL, however, can inform the company that a
program is being mistakenly labeled as spyware.

Wild Tangent Inc., the Redmond, Wash., maker of the game favored by Ms.
Schrock's daughter, says it has appealed to makers of antispyware
programs to be removed from their lists. Online games are suspect
because some are used to load spyware onto users' computers. Sean
Vanderdasson, Wild Tangent's vice president of marketing, says his
company's games don't carry spyware, but its pleas are not always
successful. Makers of antispyware programs like to keep long lists of
suspect software, Mr. Vanderdasson says, because "the more fear they
create, the more software they can sell."

Re: Software Makers Fight Spyware Blacklist, Murky Definition

MrPepper11 wrote:
Quoted text here. Click to load it

True enough. Spyware is their bread and butter. No spyware, and they're
out of business. I wonder which side of the police state spyware
initiative the anti-spyware vendors are on?

Pro-spyware, or anti-spyware?

Re: Software Makers Fight Spyware Blacklist, Murky Definition

AvianFlux wrote:
Quoted text here. Click to load it

anti-spyware company turned out to be a scam:

WASHINGTON (Reuters) - A software vendor that tried to drum up sales by
offering to clean up nonexistent computer "spyware" has been
temporarily shut down, U.S. regulators said on Friday. The makers of
Spyware Assassin tried to scare consumers into buying software through
pop-up ads and e-mail that warned their computers had been infected
with malicious monitoring software, the Federal Trade Commission said.
Free spyware scans offered by Spokane, Washington-based MaxTheater Inc.
turned up evidence of spyware even on machines that were entirely
clean, and its $29.95 Spyware Assassin program did not actually remove
spyware, the FTC said. A U.S. court has ordered the company and its
owner, Thomas Delanoy, to suspend its activities until a court hearing
on Tuesday. The company could be required to give back all the money it
made from selling Spyware Assassin. MaxTheater could not be reached for

Re: Software Makers Fight Spyware Blacklist, Murky Definition

Quoted text here. Click to load it

  I've gotten chewed out more than once for removing Wild Tangent games
from people's computers. Now I'm beginning to wonder just how much of a
threat it is.
   "But that's my favorite game. I played it all the time!"

 -- Being "over the hill" is much better than being under it! --

Re: Software Makers Fight Spyware Blacklist, Murky Definition

MrPepper11 wrote:

Quoted text here. Click to load it

On a similar note, the Microsoft Beta tool highlights Real VNC as medium
risk because it can be used to take remote control of a PC. As far as I
know there isn't any malware in Real VNC and it's unjustified to
highlight it by an anti-spyware product.

I'd also suggest that it's up to the user to know what is on his/her PC
and remove that shouldn't be there, not to just blindly go and execute
every recomended action willy-nilly.

Re: Software Makers Fight Spyware Blacklist, Murky Definition

On Sat, 12 Mar 2005 12:58:33 +0000 (UTC), Martin

Quoted text here. Click to load it

Both Spybot and Adaware warn users about this.

Its also easy to disable kazza :)
Jim Watt 

Re: Software Makers Fight Spyware Blacklist, Murky Definition

Jim Watt wrote:
Quoted text here. Click to load it

fair comment :)

Quoted text here. Click to load it

Re: Software Makers Fight Spyware Blacklist, Murky Definition

Quoted text here. Click to load it

When you say that there isn't any malware in Real VNC, I think you're
missing the point. Spyware detection should be based on the capability
and behavior of the program, not the suspected motivation of the

If someone didn't know a program capable of allowing remote control of
their PC was there, why not tell them? It's their computer. If they
know the programs capabilities, and still want it there, fine.

Quoted text here. Click to load it

Using anti-spyware computers is an automated attempt for the user to
know what's on his computer and remove what shouldn't be there.

And when the number of actions recommended exceeds a certain
threshold, they will be executed willy-nilly. That is just human
nature. People whose computers have become infested with junk due
to their trusting of untrustworthy folks will decide to trust
their antispyware program in the hope that they made the right
decision this time.

The problem is not one of definition. The problem is one of behavior.
When good programs start acting like bad ones (auto-updates over the
net without asking for instance), even with the purest of motivation,
they have to expect to be classified as bad until proven otherwise.
And by "proven" I mean a credible explanation of why the behavior is
_necessary_ not just convenient for the programmers.


Re: Software Makers Fight Spyware Blacklist, Murky Definition


Quoted text here. Click to load it

Don't these folks realize that "innocent" software tracking stats for
BofA and Williams Somona is a violation of our privacy.  I don't even
participate in polls in person much less without my knowledge.


Re: Software Makers Fight Spyware Blacklist, Murky Definition

Joe Moore wrote:
Quoted text here. Click to load it

I'd normally agree with you, but it's kind of hard when it comes to VNC.

I've never heard of VNC trying to install itself from an ActiveX
commponant, or just from clicking on a web page or through P2P

It's huntable if you know what you're looking for, otherwise you'd never
come across it accidentally.

On their home page it states "The system allows several connections to
the same desktop, providing an invaluable tool for collaborative or
shared working in the workplace or classroom. Computer support within
the geographically spread family is an ever popular use."

It does what it says on the tin! So what else do people expect when they
install it?

Quoted text here. Click to load it

It says on the home page of their web site, so they know what it does
when they grab it.

 >It's their computer. If they
Quoted text here. Click to load it

Absolutly, but it's not spyware

Quoted text here. Click to load it

Do you have the same kind of users I have to deal with? I know you do :)

Ok, we all have them, "Martin, I deleted the program with the little
Teddy Bear because it's an unknown virus and ... " Microsoft
highlighting none spyware programs as possible spyware is making our job
harder not easier.

I'd have a lot more sympathy if VNC actually spread through
spam/ActiveX/malicious web sites etc. but they don't. I can see it now
that system admins are going to be tearing their hair out because MS
classify things like VNC as "possible danger" and they get deleted.

Quoted text here. Click to load it

I know, and I've done it myself at times :~ you DO tend to get a bit
"click happy"

Quoted text here. Click to load it

That means the anti- has to be accurate with the classification. Yes,
things like VNC are a potential security rick, but they are also a
godsend for admin types. They should not be highlighted by malware
scanners when they are not malware. I know the definition is hard
because a lot of what things like VNC do is what malware do, but there
is a vast difference in the use and implementation. I've met loads of
PCs with malware, I've never met one with an accidental install of VNC.

Quoted text here. Click to load it

Hee, not just the programmers :) I do agree with a lot of what you have
said. There is some responsability in the malware scanners to do a bit
of homework and not highlight none malware though.

I haven't tried yet, but presumably the MS tool will also throw up
things like Access-Remote, GoToMyPC, RemotePc....the real question is do
they also throw up Terminal Server? My guess is yes to the former and no
to the latter - but then I am cynical.

Quoted text here. Click to load it

Re: Software Makers Fight Spyware Blacklist, Murky Definition

Quoted text here. Click to load it

Furthermore, when people who went and purposefully installed it have it
removed by an antispyware program without their knowledge (see next
paragraph), what do they do?  Answer: they contact the Real VNC people
and complain that Real VNC stopped working.  This is not cool.

Numerous studies of end users have shown that they tend to not read
things their programs tell them--they just click the "OK" buttons and
hope for the best.  What this means is that most people are going to
follow whatever recommendations their antispyware programs make, without
reading them.  (Yes, this is the same phenomenon that leads people to
hitting OK on dialogs that ask them to accept spyware...kind of ironic,
isn't it?).

--Tim Smith

Re: Software Makers Fight Spyware Blacklist, Murky Definition

On Mon, 14 Mar 2005 08:01:20 GMT, Tim Smith

Quoted text here. Click to load it
Anyone who does that is a particularly ignorant pile of shit who does
not deserve to use that excellent user supported free software in the
first place.

OTOH its highly likely that anyone who is going to run MS anti
spyware software are not going to have VNC installed anyway.
Jim Watt 

Re: Software Makers Fight Spyware Blacklist, Murky Definition

Martin wrote:
Quoted text here. Click to load it


Quoted text here. Click to load it

I think it's still valid to flag it - for one particular environment
that is. How about a multi-user computer? What if my wife has installed
VNC or something else on my home PC? I'd like a scanning tool to report
it and let me decide what to do about it.

It shouldn't alert her to my keylogger though ;-)


Re: Software Makers Fight Spyware Blacklist, Murky Definition

Doug wrote:
Quoted text here. Click to load it


Site Timeline