Anti-spyware group agrees detection guidelines

A coalition of software companies has agreed on standard methods for identifying and combating spyware.

The Anti-Spyware Coalition (ASC), whose members include AOL, CA, McAfee, Microsoft, Symantec and Yahoo!, said on Thursday that it has finalised its spyware detection guidelines. The final version takes into account public comments on a proposed version introduced in October.

Spyware and adware have become widely despised for their sneaky distribution tactics, unauthorised data gathering and tying-up of computer processing power. Although adware makers say there are legitimate uses for their programs, an entire anti-spyware market has been spawned to combat the stuff.

The ASC's guidelines, or risk model description, aim to provide a common way to classify spyware, based on risks a piece of software poses to consumers. They also suggest ways to handle software, based on those risk levels.

Among the behaviours the group considers high-risk are programs that replicate themselves via mass emails, worms and viruses. Programs that install themselves without a user's permission or knowledge, via a security exploit, are also deemed high-risk, as are programs that intercept email or instant messages without user consent, transmit personally identifiable data, or change security settings.

The coalition hopes the final guidelines, which have changed little from the proposed version, will lead to better anti-spyware products. To that end, Cybertrust, through its ICSA Labs unit, is planning to certify products that meet the guidelines. Consumers should see the first products with its anti-spyware seal of approval within the next few months, the IT security and risk management company said.

The guidelines should also make it clearer when companies cross the line of what's acceptable and legal and what's not when it comes to downloads, as Sony BMG did recently with its "rootkit" programs, said a spokesman for the ASC. Sony recently settled a class-action lawsuit over copy-restriction software hidden on customers' computers using a rootkit, which opened those PCs up to attack. The company also recalled the CDs after a public uproar.

Yet attempts to define spyware, create guidelines and certify products are controversial. Critics fear guidelines will legitimise spyware and enable distributors to dodge blocking tools while continuing bad behaviours.

The ASC group plans to conduct a public workshop on 9 February in Washington, DC, and is currently working on tips for consumers, including teens and parents, and businesses, said the spokesman.

Alorie Gilbert writes for CNET News.com