An industry alliance formally defines "spyware,"a move that should help companies combat insidious intrusions.
- By Lafe Low
- January 01, 2006
Ask people to name today's greatest IT security threats and chances are
that spyware will rank highly on everyone's list. Then ask those same
people to define spyware -- and you're far less likely to get a consensus.
But that's changing now that an industry group has released an official
definition for spyware -- a move that can help you and your customers
more easily identify and deal with this potential threat.
The Anti-Spyware Coalition (ASC), a group of vendors, government agencies
and other organizations, joined forces in April 2005 to combat spyware.
Founding members include Microsoft, McAfee, Yahoo!, WebSense, the Cyber
Security Industry Alliance and the University of California-Berkeley School
of Law, among others.
Glossary of Selected Spyware Terms
Botnet A type of remote control software, specifically
a collection of software robots, or "bots,"
which run autonomously.
Browser Plug-In A software component that interacts
with a Web browser to provide capabilities or perform
functions not otherwise included in the browser.
Dialing Software Any program that utilizes a
computer's modem to make calls or access services.
Droneware Programs used to take remote control
of a computer; typically used to send spam remotely,
run denial-of-service attacks or host offensive Web
Drive-by Download The automatic download of
software to users' computers when they visit Web sites
or view HTML-formatted e-mail; the action is taken without
users' consent and often without their notice.
Hijacker System-modification software deployed
without adequate user notice, consent or control.
Keylogger (or Keystroke Logger) Tracking software
that records keyboard and/or mouse activity.
Rootkit A program that fraudulently gains or
maintains administrator level access; it may also execute
in a manner that prevents detection.
Trickler Automatic download software designed
to install or reinstall software by downloading slowly
in the background, without impairing other functions,
so that the activity is less noticeable.
Zombie A system that has been taken over using
remote control software.
Source: Anti-Spyware Coalition. For more information,
In July 2005, the ASC released a draft of its initial attempt to spell
out exactly what qualifies as spyware. After gathering public comment
for several months, the group hammered out a formal definition -- but
emphasized that it may change over time.
"We have issued our final document, but we want that to be a living
document," says David McGuire, communications director for the Washington,
D.C.-based Center for Democracy and Technology (CDT), an ASC founding
member. "Spyware evolves, so we need a document that is capable of
evolution as well."
Spyware, according to the ASC, represents "technologies deployed
without appropriate user consent and/or implemented in ways that impair
user control over:
- Material changes that affect user experience, privacy or system security
- Use of system resources, including what programs are installed on
- Collection, use and distribution of personal or other sensitive information.
Technologies covered by the definition include keyloggers, botnets,
rootkits, software dialers and hijackers, among others.
"The [new spyware] definitions will help users make more informed
decisions about which programs to keep and which to delete," says
Ari Schwartz, CDT associate director.
The definitions are also intended to protect anti-spyware vendors and
other software publishers. However, the ASC also developed a Vendor Dispute
and False Positive Resolution Process. Software publishers that feel their
programs have been inappropriately labeled as spyware can follow the organization's
recommended best practices to protest the designation. The ASC emphasizes,
though, that vendor disputes are addressed by anti-spyware companies and
software publishers themselves.
Lafe Low is the editorial liaison for ECG Events.