Computer Security - Software Makers Fight Spyware Blacklist, Murky Definition

#1

March 11, 2005

Software Makers Fight Spyware Blacklist, Murky Definition

By MYLENE MANGALINDAN
Staff Reporter of THE WALL STREET JOURNAL

Wary of silent intruders on her personal computer, Joanne Schrock recently used a free program from America Online to scan for "spyware," the annoying software that can secretly track users' movements around the Internet to do such things as dish up pop-up ads. She quickly deleted all the programs that AOL identified as spyware.

It wasn't until the next day that Ms. Schrock realized she had erased an online bowling game that her daughter likes to play. "I just thought AOL says this is spyware ... and I needed to get it off my computer," says the 38-year-old mother of five in Wakarusa, Ind.

To computer users' relief, software that finds and eliminates spyware is now widely available. But there's a hitch: There is little agreement on what constitutes spyware, so antispyware software may also wipe out programs that users want to keep.

Most broadly, spyware is software installed on a PC -- often surreptitiously -- to gather information, which is relayed to advertisers or merchants. Some spyware programs effectively hijack a computer, spewing unwanted pop-up ads, clogging the computer's memory or redirecting the home page of Internet browsers. More insidious programs can transmit personal information such as passwords to identity thieves. Spyware is incredibly widespread; market researcher IDC estimates that two-thirds of consumer PCs harbor some form of it.

But one person's spyware is someone else's valued tracking tool. So makers of many programs labeled as spyware now are fighting back against spyware blacklists.

TrekEight LLC is a small San Marcos, Calif., maker of security software, including an antispyware program. But TrekEight says its antispyware program is itself labeled as spyware by a bigger rival, Symantec Corp. TrekEight sued Symantec in U.S. District Court in Southern California last July, claiming that the designation led to "significant loss in sales and damage to its reputation." TrekEight says Symantec deleted the program from users' computers, but Symantec says it only flags the suspect software and the user decides whether to delete it. The case is pending. A Symantec spokesman declined to comment on the case.

Such disputes are percolating in Washington, where many lawmakers and regulators want to clamp down on spyware. U.S. Rep. Mary Bono, a California Republican, this year introduced a measure that would require clearer disclosures to computer users, and their consent, before any monitoring program could be installed on their PCs. Discussion of the bill quickly prompted debates over the definition of spyware. Ms. Bono recently revised the measure to exempt all "cookies," snippets of data stored on hard drives that are widely used by Web merchants to recognize returning customers.

On Monday, the Federal Trade Commission urged the industry to develop a common definition of spyware, as part of a report labeling spyware a "serious and growing problem." Without a solid definition, the commission warned, legislation or regulations to control spyware might "inadvertently cover some types of beneficial or benign software."

Joe Davis would agree. Mr. Davis is chief executive of Coremetrics, a closely held San Mateo, Calif., maker of software that analyzes the effectiveness of online ad campaigns. Coremetrics' customers include Williams-Sonoma Inc. and Bank of America Corp. But Mr. Davis says that his company's program has been mislabeled as spyware by some companies.

The debates over how to define spyware are reminiscent of efforts a few years ago to regulate spam, or unsolicited e-mail. Congress ultimately approved a law requiring e-mail marketers to allow recipients to remove their names from distribution lists, but it is generally viewed as ineffective in slowing the flood of spam. Instead, antispam efforts have fallen primarily to large Internet access providers, state attorneys-general and volunteer programmers who have created their own lists of spammers.

Likewise, makers of antispyware programs have developed their own lists of software they consider suspect. Symantec, of Cupertino, Calif., defines spyware as any program that can potentially grab private information. Vincent Weafer, a senior director at the company, says Symantec's definition tends to be "more inclusive" than others. Mr. Weafer says Symantec plans a new version of its program that will identify troublesome software as high, medium, or low risks, to help users decide whether to delete it.

Robert A. Clyde, Symantec's chief technology officer, says Symantec has removed some programs from its spyware list after investigating complaints that the programs were mislabeled. "The vast majority [of complaints] are handled in an amicable fashion," he says. Mr. Clyde says he wouldn't mind some help from the government in defining spyware. "In order to stop it, you have to label it," he says.

America Online, which began offering its free antispyware program last May, has roughly 400 suspect programs on its list. But complaints from software vendors included on the list are increasing, says Andrew Weinstein, a spokesman for the Time Warner Inc. unit. Mr. Weinstein says AOL's program doesn't automatically delete any programs -- it simply provides a list to users, who then decide whether to keep or reject the software.

In at least two cases AOL removed programs from its spyware list: SideStep Inc., a closely held online travel service that downloads a program onto users' computers, and market researcher comScore Networks Inc., which pays Internet users to place its software on their computers to track their online behavior.

AOL says Ms. Schrock's game requires another program to run and that program was accidentally included on AOL's recently updated list of spyware threats. AOL says it has fixed the mistake. AOL doesn't have any guidelines that software makers can follow to prove that they're not spyware. Members of AOL, however, can inform the company that a program is being mistakenly labeled as spyware.

Wild Tangent Inc., the Redmond, Wash., maker of the game favored by Ms. Schrock's daughter, says it has appealed to makers of antispyware programs to be removed from their lists. Online games are suspect because some are used to load spyware onto users' computers. Sean Vanderdasson, Wild Tangent's vice president of marketing, says his company's games don't carry spyware, but its pleas are not always successful. Makers of antispyware programs like to keep long lists of suspect software, Mr. Vanderdasson says, because "the more fear they create, the more software they can sell."

MrPepper11

#2

MrPepper11 wrote:
> Makers of antispyware programs like to keep long lists of
> suspect software, Mr. Vanderdasson says, because "the more fear they
> create, the more software they can sell."

True enough. Spyware is their bread and butter. No spyware, and they're out of business. I wonder which side of the police state spyware initiative the anti-spyware vendors are on?

Pro-spyware, or anti-spyware?

AvianFlux

#3

AvianFlux wrote:
> MrPepper11 wrote:
> > Makers of antispyware programs like to keep long lists of
> > suspect software, Mr. Vanderdasson says, because "the more fear they
> > create, the more software they can sell."
>
> True enough. Spyware is their bread and butter. No spyware, and they're
> out of business. I wonder which side of the police state spyware
> initiative the anti-spyware vendors are on?
>
> Pro-spyware, or anti-spyware?

anti-spyware company turned out to be a scam:

WASHINGTON (Reuters) - A software vendor that tried to drum up sales by offering to clean up nonexistent computer "spyware" has been temporarily shut down, U.S. regulators said on Friday.

The makers of Spyware Assassin tried to scare consumers into buying software through pop-up ads and e-mail that warned their computers had been infected with malicious monitoring software, the Federal Trade Commission said.

Free spyware scans offered by Spokane, Washington-based MaxTheater Inc. turned up evidence of spyware even on machines that were entirely clean, and its $29.95 Spyware Assassin program did not actually remove spyware, the FTC said.

A U.S. court has ordered the company and its owner, Thomas Delanoy, to suspend its activities until a court hearing on Tuesday. The company could be required to give back all the money it made from selling Spyware Assassin.

MaxTheater could not be reached for comment.

s_sfad@yahoo.com

#4

"MrPepper11" <> wrote in news:1110594439.352799.8190@o13g2000cwo.googlegroups.com:

<----snip---->

> Wild Tangent Inc., the Redmond, Wash., maker of the game favored by Ms.
> Schrock's daughter, says it has appealed to makers of antispyware
> programs to be removed from their lists. Online games are suspect
> because some are used to load spyware onto users' computers. Sean
> Vanderdasson, Wild Tangent's vice president of marketing, says his
> company's games don't carry spyware, but its pleas are not always
> successful.

I've gotten chewed out more than once for removing Wild Tangent games from people's computers. Now I'm beginning to wonder just how much of a threat it is.

"But that's my favorite game. I played it all the time!"

--
-- Being "over the hill" is much better than being under it! --

Lil' Abner

#5

MrPepper11 wrote:
> In at least two cases AOL removed programs from its spyware list:
> SideStep Inc., a closely held online travel service that downloads a
> program onto users' computers, and market researcher comScore Networks
> Inc., which pays Internet users to place its software on their
> computers to track their online behavior.

On a similar note, the Microsoft Beta tool highlights Real VNC as medium risk because it can be used to take remote control of a PC. As far as I know there isn't any malware in Real VNC and it's unjustified to highlight it by an anti-spyware product.

I'd also suggest that it's up to the user to know what is on his/her PC and remove that shouldn't be there, not to just blindly go and execute every recommended action willy-nilly.

Martin

#6

On Sat, 12 Mar 2005 12:58:33 +0000 (UTC), Martin <> wrote:
>I'd also suggest that it's up to the user to know what is on his/her PC
>and remove that shouldn't be there, not to just blindly go and execute
>every recommended action willy-nilly.

Both Spybot and Adaware warn users about this.

It's also easy to disable kazza

--
Jim Watt
http://www.gibnet.com

Jim Watt

#7

Martin <> wrote:
>MrPepper11 wrote:
>
>> In at least two cases AOL removed programs from its spyware list:
>> SideStep Inc., a closely held online travel service that downloads a
>> program onto users' computers, and market researcher comScore Networks
>> Inc., which pays Internet users to place its software on their
>> computers to track their online behavior.
>
>On a similar note, the Microsoft Beta tool highlights Real VNC as medium
>risk because it can be used to take remote control of a PC. As far as I
>know there isn't any malware in Real VNC and it's unjustified to
>highlight it by an anti-spyware product.

When you say that there isn't any malware in Real VNC, I think you're missing the point. Spyware detection should be based on the capability and behavior of the program, not the suspected motivation of the installer.

If someone didn't know a program capable of allowing remote control of their PC was there, why not tell them? It's their computer. If they know the program's capabilities, and still want it there, fine.

>I'd also suggest that it's up to the user to know what is on his/her PC
>and remove that shouldn't be there, not to just blindly go and execute
>every recommended action willy-nilly.

Using anti-spyware computers is an automated attempt for the user to know what's on his computer and remove what shouldn't be there.

And when the number of actions recommended exceeds a certain threshold, they will be executed willy-nilly. That is just human nature. People whose computers have become infested with junk due to their trusting of untrustworthy folks will decide to trust their antispyware program in the hope that they made the right decision this time.

The problem is not one of definition. The problem is one of behavior. When good programs start acting like bad ones (auto-updates over the net without asking for instance), even with the purest of motivation, they have to expect to be classified as bad until proven otherwise. And by "proven" I mean a credible explanation of why the behavior is _necessary_ not just convenient for the programmers.

joemooreaterolsdotcom

Joe Moore

#8

On Sat, 12 Mar 2005 16:11:57 GMT, Joe Moore <> wrote:
>Martin <> wrote:
>
>>MrPepper11 wrote:
>>
>>> In at least two cases AOL removed programs from its spyware list:
>>> SideStep Inc., a closely held online travel service that downloads a
>>> program onto users' computers, and market researcher comScore Networks
>>> Inc., which pays Internet users to place its software on their
>>> computers to track their online behavior.
>>
>>On a similar note, the Microsoft Beta tool highlights Real VNC as medium
>>risk because it can be used to take remote control of a PC. As far as I
>>know there isn't any malware in Real VNC and it's unjustified to
>>highlight it by an anti-spyware product.
>
>When you say that there isn't any malware in Real VNC, I think you're
>missing the point. Spyware detection should be based on the capability
>and behavior of the program, not the suspected motivation of the
>installer.
>
>If someone didn't know a program capable of allowing remote control of
>their PC was there, why not tell them? It's their computer. If they
>know the program's capabilities, and still want it there, fine.
>
>>I'd also suggest that it's up to the user to know what is on his/her PC
>>and remove that shouldn't be there, not to just blindly go and execute
>>every recommended action willy-nilly.
>
>Using anti-spyware computers is an automated attempt for the user to
>know what's on his computer and remove what shouldn't be there.
>
>And when the number of actions recommended exceeds a certain
>threshold, they will be executed willy-nilly. That is just human
>nature. People whose computers have become infested with junk due
>to their trusting of untrustworthy folks will decide to trust
>their antispyware program in the hope that they made the right
>decision this time.
>
>The problem is not one of definition. The problem is one of behavior.
>When good programs start acting like bad ones (auto-updates over the
>net without asking for instance), even with the purest of motivation,
>they have to expect to be classified as bad until proven otherwise.
>And by "proven" I mean a credible explanation of why the behavior is
>_necessary_ not just convenient for the programmers.
>
>
>joemooreaterolsdotcom

Don't these folks realize that "innocent" software tracking stats for BofA and Williams-Sonoma is a violation of our privacy. I don't even participate in polls in person much less without my knowledge.

George

george

#9

Jim Watt wrote:
> On Sat, 12 Mar 2005 12:58:33 +0000 (UTC), Martin
> <> wrote:
>
>>I'd also suggest that it's up to the user to know what is on his/her PC
>>and remove that shouldn't be there, not to just blindly go and execute
>>every recommended action willy-nilly.
>
> Both Spybot and Adaware warn users about this.
>
> It's also easy to disable kazza

fair comment

> --
> Jim Watt
> http://www.gibnet.com

Martin

#10

Joe Moore wrote:
> Martin <> wrote:
>
>>MrPepper11 wrote:
>>
>>>In at least two cases AOL removed programs from its spyware list:
>>>SideStep Inc., a closely held online travel service that downloads a
>>>program onto users' computers, and market researcher comScore Networks
>>>Inc., which pays Internet users to place its software on their
>>>computers to track their online behavior.
>>
>>On a similar note, the Microsoft Beta tool highlights Real VNC as medium
>>risk because it can be used to take remote control of a PC. As far as I
>>know there isn't any malware in Real VNC and it's unjustified to
>>highlight it by an anti-spyware product.
>
> When you say that there isn't any malware in Real VNC, I think you're
> missing the point. Spyware detection should be based on the capability
> and behavior of the program, not the suspected motivation of the
> installer.

I'd normally agree with you, but it's kind of hard when it comes to VNC. I've never heard of VNC trying to install itself from an ActiveX component, or just from clicking on a web page or through P2P. It's huntable if you know what you're looking for, otherwise you'd never come across it accidentally.

On their home page it states "The system allows several connections to the same desktop, providing an invaluable tool for collaborative or shared working in the workplace or classroom. Computer support within the geographically spread family is an ever popular use."

It does what it says on the tin! So what else do people expect when they install it?

> If someone didn't know a program capable of allowing remote control of
> their PC was there, why not tell them?

It says on the home page of their web site, so they know what it does when they grab it.

>It's their computer. If they
> know the program's capabilities, and still want it there, fine.

Absolutely, but it's not spyware

>>I'd also suggest that it's up to the user to know what is on his/her PC
>>and remove that shouldn't be there, not to just blindly go and execute
>>every recommended action willy-nilly.
>
> Using anti-spyware computers is an automated attempt for the user to
> know what's on his computer and remove what shouldn't be there.

Do you have the same kind of users I have to deal with? I know you do Ok, we all have them, "Martin, I deleted the program with the little Teddy Bear because it's an unknown virus and ... "

Microsoft highlighting non-spyware programs as possible spyware is making our job harder not easier. I'd have a lot more sympathy if VNC actually spread through spam/ActiveX/malicious web sites etc. but they don't. I can see it now that system admins are going to be tearing their hair out because MS classify things like VNC as "possible danger" and they get deleted.

> And when the number of actions recommended exceeds a certain
> threshold, they will be executed willy-nilly.

I know, and I've done it myself at times :~ you DO tend to get a bit "click happy"

> That is just human
> nature. People whose computers have become infested with junk due
> to their trusting of untrustworthy folks will decide to trust
> their antispyware program in the hope that they made the right
> decision this time.

That means the anti- has to be accurate with the classification. Yes, things like VNC are a potential security risk, but they are also a godsend for admin types. They should not be highlighted by malware scanners when they are not malware. I know the definition is hard because a lot of what things like VNC do is what malware do, but there is a vast difference in the use and implementation. I've met loads of PCs with malware, I've never met one with an accidental install of VNC.

> The problem is not one of definition. The problem is one of behavior.
> When good programs start acting like bad ones (auto-updates over the
> net without asking for instance), even with the purest of motivation,
> they have to expect to be classified as bad until proven otherwise.
> And by "proven" I mean a credible explanation of why the behavior is
> _necessary_ not just convenient for the programmers.

Hee, not just the programmers said. There is some responsibility in the malware scanners to do a bit of homework and not highlight non-malware though.

I haven't tried yet, but presumably the MS tool will also throw up things like Access-Remote, GoToMyPC, RemotePc....the real question is do they also throw up Terminal Server? My guess is yes to the former and no to the latter - but then I am cynical.

>
> joemooreaterolsdotcom

Martin