About this series: Spyware is quickly replacing worms and viruses as IT managers' biggest worry. In this two-part series, security professionals and others debate spyware detection and who is best qualified to define it.
Bad apples 'easily recognized'
Anthony Arrott, InterMute's director of threat research, said he doesn't lose much sleep worrying about whether SpySubtract is killing legitimate programs.
"I think everyone has struggled with the differences," he said. "There are fundamental differences of intent when you look at this stuff, and there can be a lot of misunderstanding about spyware. But by and large, most of it is easily recognizable as bad. If we started destroying Windows files by mistake, we'd pick up on it immediately."
Arrott said spyware often disguises itself as good programs -- the
The perfect formula for defining spyware may never exist, but Arrott doesn't necessarily think that's bad.
"It's in everyone's best interest not to paint that clear line," he said. "Suppose the Federal Trade Commission got together with all the good software companies and antispyware firms and came up with clear definitions? All that would happen is that more people would park by the gray zone. If you give [spyware pushers] a clear line and they all line up there, the result on the user is the same."
He said it's up to entities like 180Solutions, Cool Web Search and Claria to prove they're not spyware. "The onus is on them," Arrott said. "If someone comes to us and asks us to remove them from our spyware list, they have to clarify what they're about and why they are not spyware."
As for letting the users decide what to kill or keep, he said, "If we've gone through the trouble to identify something as spyware, we're going to get rid of it. But if the IT person reviews the log of what we found and wants something back, it can be restored and put on a white list."
Staying out of the black
Kent Allen, an analyst specializing in e-commerce, said he's seen enough to conclude that a lot of companies are mislabeled as spyware. In the case of 180Solutions, he said, "There are misconceptions about what they do."
But he believes the company brought a lot of the woe on themselves. "In the past, 180Solutions was a small company trying to move fast,"
Allen said there's nothing wrong with adware as long as those who produce it make it clear to the user that it will be downloaded as part of other programs they're trying to install.
"I'm not sure I like the term 'spyware,'" he said. "It has been used loose and free in recent months, and cookies have been lumped in. That lack of definition is typical of the stage of market development we're at. With the spyware uproar, you have watchdog groups with their own self-interests leading the charge."
But companies in the gray zone often don't help themselves, he said. "If your notification and consent form is 10 pages of legalese, you're not giving the user a clear idea of what their choices are. Notification and consent must be clear and concise."
If these companies want to avoid the spyware list, they should stop fighting the security firms and work with them instead, Allen said.
"Adware companies need to work more with the security companies," he said. "They can learn ahead of time what kind of behavior will get them lumped in with the bad stuff."
While it angers him that several vendors finger 180Solutions as spyware, Sawicki said there are some firms that are reasonable to work with. "Symantec and McAfee have taken the right approach to this, focusing on programs designed for fraud," he said.