The Chaotic World of Defining Spyware

Earlier this week, when anti-spyware vendor eTrust PestPatrol temporarily removed detections for eight adware applications marketed by Claria, the move caused many a raised eyebrow among anti-spyware advocates.

PestPatrol said Friday it would relist all of the Claria Corp. applications on its threat database after a one-week Vendor Appeal Process, but the absence of a standard approach to defining the unwanted programs has plunged the industry into deep chaos and confusion.

PestPatrol, which is marketed by Computer Associates International Inc., uses a strict, 21-point Spyware Scorecard to determine whether to flag a piece of software as a privacy or security threat.

"We use a behavior-based list of criteria, and we make that list public. If your software meets any of the criteria, you're classified as spyware in our database," said Tori Case, director of security management at eTrust PestPatrol.

That approach, Case argued, sets up a structure for a legitimate adware vendor with good intentions to "clean up their act" in an open, transparent way.

In stark contrast to the PestPatrol approach, anti-spyware players such as Webroot Software Inc., Sunbelt Software and newcomer Microsoft Corp. deliberately avoid limiting or restricting the definition criteria.

"The adware vendors want you to use strict definitions so they can play games and work around those lists. That's why PestPatrol is having problems with delisting and relisting," said Eric Howes, an anti-spyware advocate who provides consulting services for Sunbelt. "The minute you set up these definition lists, you are setting yourself up for cat-and-mouse games."

"A better approach is to define a set of objectionable practices. Many people want to focus on the quality and functionality of the software, but that doesn't work because there's a lot of deceptive intent [from adware vendors]," Howes said in an interview with eWEEK.com.

"You have to focus on the business practices and outline a list of objectionable behavior. Yes, it can be subjective, but that's the only way it works in the interest of the consumer," Howes said.
