Makers of anti-spyware software are taking another shot at creating a definition of spyware, this time with help from consumer organisations.
Two months after the collapse of the Consortium of Anti-Spyware Technology vendors, or Coast, which fell apart after it admitted a company suspected of making adware, a new group - tentatively named the Anti-Spyware Coalition (ASC) - plans to publish proposed guidelines which define spyware, best practices for desktop software development and a common lexicon, according to people involved with the group.
Debate has gone on for years over spyware and adware, with manufacturers defending some of these applications as legitimate marketing tools. The terms are slippery, frequently used to apply both to the information-thieving software and the often-annoying advertising tools bundled with free software programs.
Tori Case, director of security management at CA, said: "There is much confusion over what spyware is and what it is not. And it starts with the fact that there is no definition.
"What one person calls spyware, another calls adware, another calls surveillance software and yet another says it is not anything. That has led to a lot of confusion. If we could all agree, that would allow us to focus our energy on [making] better products and actually protecting against this stuff."
David Fewer, staff counsel at the Canadian Internet Policy and Public Interest Clinic, a consumer advocacy group in Ottawa associated with the new coalition, said: "Consumers will benefit by clarity in the rules that apply to those kinds of applications. It will also help software makers understand where the line is so they can stay on the clear side of it."
While specific examples of legitimate and illegitimate behaviour aren't hard to pinpoint, identifying clear categories has proved difficult. "The key benefit is getting a handle on the nature of the problem, [getting] industry-wide acceptance on what is accepted and what is not," Fewer said.
Ultimately, according to Fewer, judging whether software is spyware comes down to three components: notice, consent and control. During installation of an application, it should be clear to the user what the tool does. The user should also have to give permission for installation and should be able to remove the application. In many cases, spyware and adware don't meet those basic rules, Fewer said.
The Anti-Spyware Coalition is still in its formative stages, with all the parties involved meeting for the first time last week, said Ari Schwartz, an associate director at the Center for Democracy and Technology, a Washington-based public advocacy group which is running the coalition. There is commitment to form the coalition but the group's name has not been formally announced yet, he said.
ASC members include the major anti-spyware makers and several industry groups. Some consumer organisations, including the Consumers Union, also participate, said Schwartz.
Drafts of the coalition's guidelines are finished and should be published by the end of the summer, when they will be open to public comments, he added.