Software Makers Fight Spyware Blacklist, Murky Definition

Discussion in 'Computer Security' started by MrPepper11, Mar 12, 2005.

  1. MrPepper11

    MrPepper11 Guest

    March 11, 2005
    Software Makers Fight Spyware Blacklist, Murky Definition
    By MYLENE MANGALINDAN
    Staff Reporter of THE WALL STREET JOURNAL

    Wary of silent intruders on her personal computer, Joanne Schrock
    recently used a free program from America Online to scan for "spyware,"
    the annoying software that can secretly track users' movements around
    the Internet to do such things as dish up pop-up ads. She quickly
    deleted all the programs that AOL identified as spyware.

    It wasn't until the next day that Ms. Schrock realized she had erased
    an online bowling game that her daughter likes to play. "I just thought
    AOL says this is spyware ... and I needed to get it off my computer,"
    says the 38-year-old mother of five in Wakarusa, Ind.

    To computer users' relief, software that finds and eliminates spyware
    is now widely available. But there's a hitch: There is little agreement
    on what constitutes spyware, so antispyware software may also wipe out
    programs that users want to keep.

    Most broadly, spyware is software installed on a PC -- often
    surreptitiously -- to gather information, which is relayed to
    advertisers or merchants. Some spyware programs effectively hijack a
    computer, spewing unwanted pop-up ads, clogging the computer's memory
    or redirecting the home page of Internet browsers. More insidious
    programs can transmit personal information such as passwords to
    identity thieves. Spyware is incredibly widespread; market researcher
    IDC estimates that two-thirds of consumer PCs harbor some form of it.

    But one person's spyware is someone else's valued tracking tool. So
    makers of many programs labeled as spyware now are fighting back
    against spyware blacklists.

    TrekEight LLC is a small San Marcos, Calif., maker of security
    software, including an antispyware program. But TrekEight says its
    antispyware program is itself labeled as spyware by a bigger rival,
    Symantec Corp. TrekEight sued Symantec in U.S. District Court in
    Southern California last July, claiming that the designation led to
    "significant loss in sales and damage to its reputation."

    TrekEight says Symantec deleted the program from users' computers, but
    Symantec says it only flags the suspect software and the user decides
    whether to delete it. The case is pending. A Symantec spokesman
    declined to comment on the case.

    Such disputes are percolating in Washington, where many lawmakers and
    regulators want to clamp down on spyware. U.S. Rep. Mary Bono, a
    California Republican, this year introduced a measure that would
    require clearer disclosures to computer users, and their consent,
    before any monitoring program could be installed on their PCs.
    Discussion of the bill quickly prompted debates over the definition of
    spyware. Ms. Bono recently revised the measure to exempt all "cookies,"
    snippets of data stored on hard drives that are widely used by Web
    merchants to recognize returning customers.

    On Monday, the Federal Trade Commission urged the industry to develop a
    common definition of spyware, as part of a report labeling spyware a
    "serious and growing problem." Without a solid definition, the
    commission warned, legislation or regulations to control spyware might
    "inadvertently cover some types of beneficial or benign software."

    Joe Davis would agree. Mr. Davis is chief executive of Coremetrics, a
    closely held San Mateo, Calif., maker of software that analyzes the
    effectiveness of online ad campaigns. Coremetrics' customers include
    Williams-Sonoma Inc. and Bank of America Corp. But Mr. Davis says that
    his company's program has been mislabeled as spyware by some companies.

    The debates over how to define spyware are reminiscent of efforts a few
    years ago to regulate spam, or unsolicited e-mail. Congress ultimately
    approved a law requiring e-mail marketers to allow recipients to remove
    their names from distribution lists, but it is generally viewed as
    ineffective in slowing the flood of spam. Instead, antispam efforts
    have fallen primarily to large Internet access providers, state
    attorneys-general and volunteer programmers who have created their own
    lists of spammers.

    Likewise, makers of antispyware programs have developed their own lists
    of software they consider suspect. Symantec, of Cupertino, Calif.,
    defines spyware as any program that can potentially grab private
    information. Vincent Weafer, a senior director at the company, says
    Symantec's definition tends to be "more inclusive" than others. Mr.
    Weafer says Symantec plans a new version of its program that will
    identify troublesome software as high, medium, or low risks, to help
    users decide whether to delete it.

    Robert A. Clyde, Symantec's chief technology officer, says Symantec has
    removed some programs from its spyware list after investigating
    complaints that the programs were mislabeled. "The vast majority [of
    complaints] are handled in an amicable fashion," he says.

    Mr. Clyde says he wouldn't mind some help from the government in
    defining spyware. "In order to stop it, you have to label it," he says.

    America Online, which began offering its free antispyware program last
    May, has roughly 400 suspect programs on its list. But complaints from
    software vendors included on the list are increasing, says Andrew
    Weinstein, a spokesman for the Time Warner Inc. unit. Mr. Weinstein
    says AOL's program doesn't automatically delete any programs -- it
    simply provides a list to users, who then decide whether to keep or
    reject the software.

    In at least two cases AOL removed programs from its spyware list:
    SideStep Inc., a closely held online travel service that downloads a
    program onto users' computers, and market researcher comScore Networks
    Inc., which pays Internet users to place its software on their
    computers to track their online behavior.

    AOL says Ms. Schrock's game requires another program to run and that
    program was accidentally included on AOL's recently updated list of
    spyware threats. AOL says it has fixed the mistake. AOL doesn't have
    any guidelines that software makers can follow to prove that they're
    not spyware. Members of AOL, however, can inform the company that a
    program is being mistakenly labeled as spyware.

    Wild Tangent Inc., the Redmond, Wash., maker of the game favored by Ms.
    Schrock's daughter, says it has appealed to makers of antispyware
    programs to be removed from their lists. Online games are suspect
    because some are used to load spyware onto users' computers. Sean
    Vanderdasson, Wild Tangent's vice president of marketing, says his
    company's games don't carry spyware, but its pleas are not always
    successful. Makers of antispyware programs like to keep long lists of
    suspect software, Mr. Vanderdasson says, because "the more fear they
    create, the more software they can sell."
     
    MrPepper11, Mar 12, 2005
    #1

  2. MrPepper11

    AvianFlux Guest

    MrPepper11 wrote:
    > Makers of antispyware programs like to keep long lists of
    > suspect software, Mr. Vanderdasson says, because "the more fear they
    > create, the more software they can sell."


    True enough. Spyware is their bread and butter. No spyware, and they're
    out of business. I wonder which side of the police state spyware
    initiative the anti-spyware vendors are on?

    Pro-spyware, or anti-spyware?
     
    AvianFlux, Mar 12, 2005
    #2

  3. MrPepper11

    Guest

    AvianFlux wrote:
    > MrPepper11 wrote:
    > > Makers of antispyware programs like to keep long lists of
    > > suspect software, Mr. Vanderdasson says, because "the more fear they
    > > create, the more software they can sell."
    >
    > True enough. Spyware is their bread and butter. No spyware, and they're
    > out of business. I wonder which side of the police state spyware
    > initiative the anti-spyware vendors are on?
    >
    > Pro-spyware, or anti-spyware?


    anti-spyware company turned out to be a scam:

    WASHINGTON (Reuters) - A software vendor that tried to drum up sales by
    offering to clean up nonexistent computer "spyware" has been
    temporarily shut down, U.S. regulators said on Friday. The makers of
    Spyware Assassin tried to scare consumers into buying software through
    pop-up ads and e-mail that warned their computers had been infected
    with malicious monitoring software, the Federal Trade Commission said.
    Free spyware scans offered by Spokane, Washington-based MaxTheater Inc.
    turned up evidence of spyware even on machines that were entirely
    clean, and its $29.95 Spyware Assassin program did not actually remove
    spyware, the FTC said. A U.S. court has ordered the company and its
    owner, Thomas Delanoy, to suspend its activities until a court hearing
    on Tuesday. The company could be required to give back all the money it
    made from selling Spyware Assassin. MaxTheater could not be reached for
    comment.
     
    , Mar 12, 2005
    #3
  4. MrPepper11

    Lil' Abner Guest

    "MrPepper11" <> wrote in news:1110594439.352799.8190
    @o13g2000cwo.googlegroups.com:

    <----snip---->
    > Wild Tangent Inc., the Redmond, Wash., maker of the game favored by Ms.
    > Schrock's daughter, says it has appealed to makers of antispyware
    > programs to be removed from their lists. Online games are suspect
    > because some are used to load spyware onto users' computers. Sean
    > Vanderdasson, Wild Tangent's vice president of marketing, says his
    > company's games don't carry spyware, but its pleas are not always
    > successful.


    I've gotten chewed out more than once for removing Wild Tangent games
    from people's computers. Now I'm beginning to wonder just how much of a
    threat it is.
    "But that's my favorite game. I played it all the time!"

    --
    -- Being "over the hill" is much better than being under it! --
     
    Lil' Abner, Mar 12, 2005
    #4
  5. MrPepper11

    Martin Guest

    MrPepper11 wrote:

    > In at least two cases AOL removed programs from its spyware list:
    > SideStep Inc., a closely held online travel service that downloads a
    > program onto users' computers, and market researcher comScore Networks
    > Inc., which pays Internet users to place its software on their
    > computers to track their online behavior.


    On a similar note, the Microsoft Beta tool highlights Real VNC as medium
    risk because it can be used to take remote control of a PC. As far as I
    know there isn't any malware in Real VNC and it's unjustified to
    highlight it by an anti-spyware product.

    I'd also suggest that it's up to the user to know what is on his/her PC
    and remove what shouldn't be there, not to just blindly go and execute
    every recommended action willy-nilly.
     
    Martin, Mar 12, 2005
    #5
  6. MrPepper11

    Jim Watt Guest

    On Sat, 12 Mar 2005 12:58:33 +0000 (UTC), Martin
    <> wrote:

    >I'd also suggest that it's up to the user to know what is on his/her PC
    >and remove what shouldn't be there, not to just blindly go and execute
    >every recommended action willy-nilly.


    Both Spybot and Adaware warn users about this.

    It's also easy to disable Kazaa :)
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Mar 12, 2005
    #6
  7. MrPepper11

    Joe Moore Guest

    Martin <> wrote:

    >MrPepper11 wrote:
    >
    >> In at least two cases AOL removed programs from its spyware list:
    >> SideStep Inc., a closely held online travel service that downloads a
    >> program onto users' computers, and market researcher comScore Networks
    >> Inc., which pays Internet users to place its software on their
    >> computers to track their online behavior.

    >
    >On a similar note, the Microsoft Beta tool highlights Real VNC as medium
    >risk because it can be used to take remote control of a PC. As far as I
    >know there isn't any malware in Real VNC and it's unjustified to
    >highlight it by an anti-spyware product.


    When you say that there isn't any malware in Real VNC, I think you're
    missing the point. Spyware detection should be based on the capability
    and behavior of the program, not the suspected motivation of the
    installer.

    If someone didn't know a program capable of allowing remote control of
    their PC was there, why not tell them? It's their computer. If they
    know the program's capabilities, and still want it there, fine.

    >I'd also suggest that it's up to the user to know what is on his/her PC
    >and remove what shouldn't be there, not to just blindly go and execute
    >every recommended action willy-nilly.


    Using anti-spyware computers is an automated attempt for the user to
    know what's on his computer and remove what shouldn't be there.

    And when the number of actions recommended exceeds a certain
    threshold, they will be executed willy-nilly. That is just human
    nature. People whose computers have become infested with junk due
    to their trusting of untrustworthy folks will decide to trust
    their antispyware program in the hope that they made the right
    decision this time.

    The problem is not one of definition. The problem is one of behavior.
    When good programs start acting like bad ones (auto-updates over the
    net without asking for instance), even with the purest of motivation,
    they have to expect to be classified as bad until proven otherwise.
    And by "proven" I mean a credible explanation of why the behavior is
    _necessary_ not just convenient for the programmers.


    joemooreaterolsdotcom
     
    Joe Moore, Mar 12, 2005
    #7
  8. MrPepper11

    george Guest

    On Sat, 12 Mar 2005 16:11:57 GMT, Joe Moore <>
    wrote:

    >Martin <> wrote:
    >
    >>MrPepper11 wrote:
    >>
    >>> In at least two cases AOL removed programs from its spyware list:
    >>> SideStep Inc., a closely held online travel service that downloads a
    >>> program onto users' computers, and market researcher comScore Networks
    >>> Inc., which pays Internet users to place its software on their
    >>> computers to track their online behavior.

    >>
    >>On a similar note, the Microsoft Beta tool highlights Real VNC as medium
    >>risk because it can be used to take remote control of a PC. As far as I
    >>know there isn't any malware in Real VNC and it's unjustified to
    >>highlight it by an anti-spyware product.

    >
    >When you say that there isn't any malware in Real VNC, I think you're
    >missing the point. Spyware detection should be based on the capability
    >and behavior of the program, not the suspected motivation of the
    >installer.
    >
    >If someone didn't know a program capable of allowing remote control of
    >their PC was there, why not tell them? It's their computer. If they
    >know the program's capabilities, and still want it there, fine.
    >
    >>I'd also suggest that it's up to the user to know what is on his/her PC
    >>and remove what shouldn't be there, not to just blindly go and execute
    >>every recommended action willy-nilly.

    >
    >Using anti-spyware computers is an automated attempt for the user to
    >know what's on his computer and remove what shouldn't be there.
    >
    >And when the number of actions recommended exceeds a certain
    >threshold, they will be executed willy-nilly. That is just human
    >nature. People whose computers have become infested with junk due
    >to their trusting of untrustworthy folks will decide to trust
    >their antispyware program in the hope that they made the right
    >decision this time.
    >
    >The problem is not one of definition. The problem is one of behavior.
    >When good programs start acting like bad ones (auto-updates over the
    >net without asking for instance), even with the purest of motivation,
    >they have to expect to be classified as bad until proven otherwise.
    >And by "proven" I mean a credible explanation of why the behavior is
    >_necessary_ not just convenient for the programmers.
    >
    >
    >joemooreaterolsdotcom


    Don't these folks realize that "innocent" software tracking stats for
    BofA and Williams-Sonoma is a violation of our privacy? I don't even
    participate in polls in person much less without my knowledge.

    George
     
    george, Mar 12, 2005
    #8
  9. MrPepper11

    Martin Guest

    Jim Watt wrote:
    > On Sat, 12 Mar 2005 12:58:33 +0000 (UTC), Martin
    > <> wrote:
    >
    >
    >>I'd also suggest that it's up to the user to know what is on his/her PC
    >>and remove what shouldn't be there, not to just blindly go and execute
    >>every recommended action willy-nilly.

    >
    >
    > Both Spybot and Adaware warn users about this.
    >
    > It's also easy to disable Kazaa :)


    fair comment :)

    > --
    > Jim Watt
    > http://www.gibnet.com
     
    Martin, Mar 13, 2005
    #9
  10. MrPepper11

    Martin Guest

    Joe Moore wrote:
    > Martin <> wrote:
    >
    >
    >>MrPepper11 wrote:
    >>
    >>
    >>>In at least two cases AOL removed programs from its spyware list:
    >>>SideStep Inc., a closely held online travel service that downloads a
    >>>program onto users' computers, and market researcher comScore Networks
    >>>Inc., which pays Internet users to place its software on their
    >>>computers to track their online behavior.

    >>
    >>On a similar note, the Microsoft Beta tool highlights Real VNC as medium
    >>risk because it can be used to take remote control of a PC. As far as I
    >>know there isn't any malware in Real VNC and it's unjustified to
    >>highlight it by an anti-spyware product.

    >
    >
    > When you say that there isn't any malware in Real VNC, I think you're
    > missing the point. Spyware detection should be based on the capability
    > and behavior of the program, not the suspected motivation of the
    > installer.


    I'd normally agree with you, but it's kind of hard when it comes to VNC.

    I've never heard of VNC trying to install itself from an ActiveX
    component, or just from clicking on a web page or through P2P.

    It's huntable if you know what you're looking for, otherwise you'd never
    come across it accidentally.

    On their home page it states "The system allows several connections to
    the same desktop, providing an invaluable tool for collaborative or
    shared working in the workplace or classroom. Computer support within
    the geographically spread family is an ever popular use."

    It does what it says on the tin! So what else do people expect when they
    install it?

    > If someone didn't know a program capable of allowing remote control of
    > their PC was there, why not tell them?


    It says on the home page of their web site, so they know what it does
    when they grab it.

    >It's their computer. If they
    > know the program's capabilities, and still want it there, fine.


    Absolutely, but it's not spyware

    >>I'd also suggest that it's up to the user to know what is on his/her PC
    >>and remove what shouldn't be there, not to just blindly go and execute
    >>every recommended action willy-nilly.

    >
    >
    > Using anti-spyware computers is an automated attempt for the user to
    > know what's on his computer and remove what shouldn't be there.


    Do you have the same kind of users I have to deal with? I know you do :)

    Ok, we all have them, "Martin, I deleted the program with the little
    Teddy Bear because it's an unknown virus and ... " Microsoft
    highlighting non-spyware programs as possible spyware is making our job
    harder not easier.

    I'd have a lot more sympathy if VNC actually spread through
    spam/ActiveX/malicious web sites etc. but they don't. I can see it now
    that system admins are going to be tearing their hair out because MS
    classify things like VNC as "possible danger" and they get deleted.

    > And when the number of actions recommended exceeds a certain
    > threshold, they will be executed willy-nilly.


    I know, and I've done it myself at times :~ you DO tend to get a bit
    "click happy"

    > That is just human
    > nature. People whose computers have become infested with junk due
    > to their trusting of untrustworthy folks will decide to trust
    > their antispyware program in the hope that they made the right
    > decision this time.


    That means the anti- has to be accurate with the classification. Yes,
    things like VNC are a potential security risk, but they are also a
    godsend for admin types. They should not be highlighted by malware
    scanners when they are not malware. I know the definition is hard
    because a lot of what things like VNC do is what malware do, but there
    is a vast difference in the use and implementation. I've met loads of
    PCs with malware, I've never met one with an accidental install of VNC.

    > The problem is not one of definition. The problem is one of behavior.
    > When good programs start acting like bad ones (auto-updates over the
    > net without asking for instance), even with the purest of motivation,
    > they have to expect to be classified as bad until proven otherwise.
    > And by "proven" I mean a credible explanation of why the behavior is
    > _necessary_ not just convenient for the programmers.


    Hee, not just the programmers :) I do agree with a lot of what you have
    said. There is some responsibility in the malware scanners to do a bit
    of homework and not highlight non-malware though.

    I haven't tried yet, but presumably the MS tool will also throw up
    things like Access-Remote, GoToMyPC, RemotePc....the real question is do
    they also throw up Terminal Server? My guess is yes to the former and no
    to the latter - but then I am cynical.

    >
    > joemooreaterolsdotcom
     
    Martin, Mar 13, 2005
    #10
  11. MrPepper11

    Tim Smith Guest

    In article <d1266e$fg4$-infra.bt.com>,
    Martin <> wrote:
    > > When you say that there isn't any malware in Real VNC, I think you're
    > > missing the point. Spyware detection should be based on the capability
    > > and behavior of the program, not the suspected motivation of the
    > > installer.

    >
    > I'd normally agree with you, but it's kind of hard when it comes to VNC.
    >
    > I've never heard of VNC trying to install itself from an ActiveX
    > component, or just from clicking on a web page or through P2P.
    >
    > It's huntable if you know what you're looking for, otherwise you'd never
    > come across it accidentally.
    >
    > On their home page it states "The system allows several connections to
    > the same desktop, providing an invaluable tool for collaborative or
    > shared working in the workplace or classroom. Computer support within
    > the geographically spread family is an ever popular use."
    >
    > It does what it says on the tin! So what else do people expect when they
    > install it?


    Furthermore, when people who went and purposefully installed it have it
    removed by an antispyware program without their knowledge (see next
    paragraph), what do they do? Answer: they contact the Real VNC people
    and complain that Real VNC stopped working. This is not cool.

    Numerous studies of end users have shown that they tend to not read
    things their programs tell them--they just click the "OK" buttons and
    hope for the best. What this means is that most people are going to
    follow whatever recommendations their antispyware programs make, without
    reading them. (Yes, this is the same phenomenon that leads people to
    hitting OK on dialogs that ask them to accept spyware...kind of ironic,
    isn't it?).

    --
    --Tim Smith
     
    Tim Smith, Mar 14, 2005
    #11
  12. MrPepper11

    Jim Watt Guest

    On Mon, 14 Mar 2005 08:01:20 GMT, Tim Smith
    <> wrote:

    >Furthermore, when people who went and purposefully installed it have it
    >removed by an antispyware program without their knowledge (see next
    >paragraph), what do they do? Answer: they contact the Real VNC people
    >and complain that Real VNC stopped working. This is not cool.


    Anyone who does that is a particularly ignorant pile of shit who does
    not deserve to use that excellent user supported free software in the
    first place.

    OTOH it's highly likely that anyone who is going to run MS anti
    spyware software is not going to have VNC installed anyway.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Mar 14, 2005
    #12
  13. MrPepper11

    Doug Guest

    Martin wrote:
    > Joe Moore wrote:


    <snip>

    >>
    >>
    >> When you say that there isn't any malware in Real VNC, I think you're
    >> missing the point. Spyware detection should be based on the capability
    >> and behavior of the program, not the suspected motivation of the
    >> installer.

    >
    >
    > I'd normally agree with you, but it's kind of hard when it comes to VNC.
    >
    > I've never heard of VNC trying to install itself from an ActiveX
    > component, or just from clicking on a web page or through P2P.
    >
    > It's huntable if you know what you're looking for, otherwise you'd never
    > come across it accidentally.
    >
    > On their home page it states "The system allows several connections to
    > the same desktop, providing an invaluable tool for collaborative or
    > shared working in the workplace or classroom. Computer support within
    > the geographically spread family is an ever popular use."
    >
    > It does what it says on the tin! So what else do people expect when they
    > install it?


    I think it's still valid to flag it - for one particular environment
    that is. How about a multi-user computer? What if my wife has installed
    VNC or something else on my home PC? I'd like a scanning tool to report
    it and let me decide what to do about it.

    It shouldn't alert her to my keylogger though ;-)

    <snip>
     
    Doug, Mar 15, 2005
    #13
  14. MrPepper11

    Martin Guest

    Doug wrote:
    > Martin wrote:


    >> On their home page it states "The system allows several connections to
    >> the same desktop, providing an invaluable tool for collaborative or
    >> shared working in the workplace or classroom. Computer support within
    >> the geographically spread family is an ever popular use."
    >>
    >> It does what it says on the tin! So what else do people expect when
    >> they install it?

    >
    >
    > I think it's still valid to flag it - for one particular environment
    > that is. How about a multi-user computer? What if my wife has installed
    > VNC or something else on my home PC? I'd like a scanning tool to report
    > it and let me decide what to do about it.
    >
    > It shouldn't alert her to my keylogger though ;-)


    rofl

    > <snip>
     
    Martin, Mar 16, 2005
    #14
