I Spy

An industry alliance formally defines "spyware,"a move that should help companies combat insidious intrusions.

Ask people to name today's greatest IT security threats and chances are that spyware will rank highly on everyone's list. Then ask those same people to define spyware -- and you're far less likely to get a consensus.

But that's changing now that an industry group has released an official definition for spyware -- a move that can help you and your customers more easily identify and deal with this potential threat.

The Anti-Spyware Coalition (ASC), a group of vendors, government agencies and other organizations, joined forces in April 2005 to combat spyware. Founding members include Microsoft, McAfee, Yahoo!, WebSense, the Cyber Security Industry Alliance and the University of California-Berkeley School of Law, among others.

A Glossary of Selected Spyware Terms

Botnet A type of remote control software, specifically a collection of software robots, or "bots," which run autonomously.

Browser Plug-In A software component that interacts with a Web browser to provide capabilities or perform functions not otherwise included in the browser.

Dialing Software Any program that utilizes a computer's modem to make calls or access services.

Droneware Programs used to take remote control of a computer; typically used to send spam remotely, run denial-of-service attacks or host offensive Web images.

Drive-by Download The automatic download of software to users' computers when they visit Web sites or view HTML-formatted e-mail; the action is taken without users' consent and often without their notice.

Hijacker System-modification software deployed without adequate user notice, consent or control.

Keylogger (or Keystroke Logger) Tracking software that records keyboard and/or mouse activity.

Rootkit A program that fraudulently gains or maintains administrator level access; it may also execute in a manner that prevents detection.

Trickler Automatic download software designed to install or reinstall software by downloading slowly in the background, without impairing other functions, so that the activity is less noticeable.

Zombie A system that has been taken over using remote control software.

Source: Anti-Spyware Coalition. For more information, visit

In July 2005, the ASC released a draft of its initial attempt to spell out exactly what qualifies as spyware. After gathering public comment for several months, the group hammered out a formal definition -- but emphasized that it may change over time.

"We have issued our final document, but we want that to be a living document," says David McGuire, communications director for the Washington, D.C.-based Center for Democracy and Technology (CDT), an ASC founding member. "Spyware evolves, so we need a document that is capable of evolution as well."

Spyware, according to the ASC, represents "technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

  • Material changes that affect user experience, privacy or system security
  • Use of system resources, including what programs are installed on their computers
  • Collection, use and distribution of personal or other sensitive information.

Technologies covered by the definition include keyloggers, botnets, rootkits, software dialers and hijackers, among others.

"The [new spyware] definitions will help users make more informed decisions about which programs to keep and which to delete," says Ari Schwartz, CDT associate director.

The definitions are also intended to protect anti-spyware vendors and other software publishers. However, the ASC also developed a Vendor Dispute and False Positive Resolution Process. Software publishers that feel their programs have been inappropriately labeled as spyware can follow the organization's recommended best practices to protest the designation. The ASC emphasizes, though, that vendor disputes are addressed by anti-spyware companies and software publishers themselves.

About the Author

Lafe Low is the editorial liaison for ECG Events.


comments powered by Disqus

Subscribe on YouTube