Can't Trust Spyware Protection?

by Andrew Brandt

The next time you run a scan with your anti-spyware tool, it might miss some programs. Some adware companies, arguing that their software is benign, have petitioned anti-spyware firms to stop warning consumers about their software. Other companies have resorted to sending cease-and-desist letters that threaten legal action.

In the past year, at least two anti-spyware firms' products temporarily stopped detecting certain kinds of adware -- a process called delisting. Last year, Lavasoft (maker of Ad-Aware) delisted advertising software WhenU from its detection database. Lavasoft said the delisting happened as the result of an employee error, and the company quickly added WhenU back to Ad-Aware's detection list.

Computer Associates, which makes the PestPatrol anti-spyware tool, temporarily delisted adware made by Claria after Claria asked to have its software reevaluated, but Computer Associates later restored detection of Claria to PestPatrol.

In most cases, it's difficult for customers to determine whether their anti-spyware tool has delisted anything and, if so, which adware it skips.

"When a spyware program gets delisted, users won't be aware of its presence," says Harvard law student and spyware researcher Ben Edelman. The practice, he says, "offers spyware makers a new lease on life, letting them keep users who otherwise would have removed their software."

Degrees of Spyware

Of course, some spyware apps are worse than others. One spyware program may make severe changes to your computer's settings, while another merely displays ads.

Claria and WhenU are making the case that their adware programs don't resort to illegal tactics, such as exploiting security holes, to install themselves. And though this software can be annoying, adware developers argue that merely being listed in an anti-spyware scanner's database tarnishes a company's reputation by linking its relatively benign adware application with far more harmful and intrusive spyware programs.

According to Avi Naider of WhenU, though some other adware companies will track your Web meanderings and sell that data, WhenU's privacy policy doesn't permit it to track the search queries that users type or the Web pages that they browse.

Each anti-spyware firm uses its own set of criteria to decide whether to remove or detect a file or Registry key related to spyware. Usually even a few bad behaviors suffice to red-tag a file as spyware or adware.

One company, Aluria Software, is taking a middle road when dealing with some software that serves advertising. The company, which makes an anti-spyware product called Spyware Eliminator, last year gave WhenU's SaveNow toolbar its "Spyware Safe Certification," and now categorizes WhenU's program as consumerware instead of spyware within Spyware Eliminator. Aluria defines consumerware as "useful applications, often given away free, [which] provide value to the end user, pose no spyware risk, and are easily and completely removed" via the Add or Remove Programs control panel. Spyware Eliminator still gives users the option of automatically removing SaveNow if they choose.

Aluria publishes a list of 26 criteria software must meet to be declared Spyware Safe. Other software publishers disagree with that approach. Peter Mackow of PCTools, maker of the Spyware Doctor anti-spyware program, says that his company won't publish the entire list of its criteria for fear that spyware companies will use the information to design a spyware application that skirts every rule. Many others who fight spyware share that position.

"The spyware guys want a really rigid set of rules defining spyware so they can then make an end run around [all of them]," says Eric L. Howes, who tracks the spyware business for and consults for anti-spyware software companies.

Experts recommend that you employ two -- or even three -- anti-spyware tools. The more you use, the likelier they are to counter the individ- ual biases of each anti-spyware company.

To Delist or Not

It's unfair to permanently blacklist a company based on its past behavior, so some delisting is inevitable. But delisting an adware application is a dangerous proposition for anti-spyware developers. In the past, some spyware and adware makers have changed their software enough to get delisted, only to resume the activity that got them flagged in the first place.

As a result, the anti-spyware industry has developed a thick skin. Delisting is rare because, Edelman says, anti-spyware firms "stand up to strongly worded demand letters."

Adware companies also decry the word spyware itself as inherently negative, so some anti-spyware firms have tried to create terms that mean essentially the same thing, using more-neutral language: "grayware," "potentially unwanted programs," or "potentially unwanted software." But Webroot CEO David Moll argues that matters could get more confusing if the anti-spyware companies try to refer to spyware by other names, just when many people are beginning to understand what spyware can do.

Andrew Brandt is a PC World senior associate editor and author of the monthly Privacy Watch column.

Copyright 2005 Yahoo! Inc. and Tech Tuesday

NOTE: For more telecom/internet/networking/computer news from the daily media, check out our feature 'Telecom Digest Extra' each day at

formatting link
. Hundreds of new articles daily.

Reply to
Andrew Brandt
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.