I Spy

An industry alliance formally defines "spyware,"a move that should help companies combat insidious intrusions.

Ask people to name today's greatest IT security threats and chances are that spyware will rank highly on everyone's list. Then ask those same people to define spyware -- and you're far less likely to get a consensus.

But that's changing now that an industry group has released an official definition for spyware -- a move that can help you and your customers more easily identify and deal with this potential threat.

The Anti-Spyware Coalition (ASC), a group of vendors, government agencies and other organizations, joined forces in April 2005 to combat spyware. Founding members include Microsoft, McAfee, Yahoo!, WebSense, the Cyber Security Industry Alliance and the University of California-Berkeley School of Law, among others.

A Glossary of Selected Spyware Terms

Botnet A type of remote control software, specifically a collection of software robots, or "bots," which run autonomously.

Browser Plug-In A software component that interacts with a Web browser to provide capabilities or perform functions not otherwise included in the browser.

Dialing Software Any program that utilizes a computer's modem to make calls or access services.

Droneware Programs used to take remote control of a computer; typically used to send spam remotely, run denial-of-service attacks or host offensive Web images.

Drive-by Download The automatic download of software to users' computers when they visit Web sites or view HTML-formatted e-mail; the action is taken without users' consent and often without their notice.

Hijacker System-modification software deployed without adequate user notice, consent or control.

Keylogger (or Keystroke Logger) Tracking software that records keyboard and/or mouse activity.

Rootkit A program that fraudulently gains or maintains administrator level access; it may also execute in a manner that prevents detection.

Trickler Automatic download software designed to install or reinstall software by downloading slowly in the background, without impairing other functions, so that the activity is less noticeable.

Zombie A system that has been taken over using remote control software.

Source: Anti-Spyware Coalition. For more information, visit

In July 2005, the ASC released a draft of its initial attempt to spell out exactly what qualifies as spyware. After gathering public comment for several months, the group hammered out a formal definition -- but emphasized that it may change over time.

"We have issued our final document, but we want that to be a living document," says David McGuire, communications director for the Washington, D.C.-based Center for Democracy and Technology (CDT), an ASC founding member. "Spyware evolves, so we need a document that is capable of evolution as well."

Spyware, according to the ASC, represents "technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

  • Material changes that affect user experience, privacy or system security
  • Use of system resources, including what programs are installed on their computers
  • Collection, use and distribution of personal or other sensitive information.

Technologies covered by the definition include keyloggers, botnets, rootkits, software dialers and hijackers, among others.

"The [new spyware] definitions will help users make more informed decisions about which programs to keep and which to delete," says Ari Schwartz, CDT associate director.

The definitions are also intended to protect anti-spyware vendors and other software publishers. However, the ASC also developed a Vendor Dispute and False Positive Resolution Process. Software publishers that feel their programs have been inappropriately labeled as spyware can follow the organization's recommended best practices to protest the designation. The ASC emphasizes, though, that vendor disputes are addressed by anti-spyware companies and software publishers themselves.

About the Author

Lafe Low is the editorial liaison for ECG Events.


  • Microsoft Publishes Windows Deadlines on Upgrading to SHA-2

    Microsoft on Friday described its 2019 timeline for when it will start distrusting Shell Hashing Algorithm-1 (SHA-1) in supported Windows systems, as well as in the Windows Server Update Services 3.0 Service Pack 2 management product.

  • Performing a Storage Refresh on Windows Server 2016, Part 1

    To spruce up some aging lab hardware, Brien decided to make the jump to all-flash storage. Here's a walk-through of the first half of the process.

  • Datacenters Are Cooling Down as Buildouts Heat Up

    Tech giants Google, Apple and others are expanding their datacenter footprints at a rapid rate, and it's pushing the industry to find better ways to power all that infrastructure.

  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

    This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.