keith2468 (Premium, MVM; joined 2001-02-03; Winnipeg, MB)
Giant's Criterion
Here is a snapshot of Giant's criterion taken today, January 12, 2005.
I've added some boldface comments where I think the policy could use some improvement, depending on how the secret scoring criteria work.
I assume that, since some of the items described are in legitimate software, and are sometimes widespread in legitimate software, they probably only add a few points, whereas some other items would add enough points to blacklist the product. But Giant didn't reveal their scoring system.
In general, pretty much anything should be possible if the user clicks yes to an individual question asking for permission. So I think most questions (especially "behavioral") should include an exemption for explicit user permission.
Again, mostly these items look very good. I've boldfaced those that seem shaky or are unclear.
quote: The following criteria are part of a scoring system that determines whether a program is added for detection.
Criteria (in no specific scoring criteria):
Distribution/Installation/Removal Criteria
* Installs without user permission
* Installs without user interaction or an installation interface
* Bundles other known malicious software
* Installs hidden plug-ins in the Web browser that do not have a user interface
* Does not include an uninstaller
* Automatically reinstalls itself after the user uninstalls it or part of it
* Requires the user to download an uninstaller from a Web site
* Does not include an uninstaller that is compatible with Add or Remove Programs
* Creates a procedure to automatically start when Windows starts **This would include ZAF, all AV monitors, many anti-trojan products, RealPlayer, etc. This should only apply if the software does it without permission.**
* Is installed by an ActiveX control **More of a prejudice than anything meaningful.**
* Exploits a security vulnerability in any way
* Installs even if the user clicks No or cancels the installation
* Is installed by third-party affiliates **Lots of legitimate software is installed via Digital River, Tucows and Geeks.com, which are third-party affiliates.**
* Offers an affiliate program that pays a fee for distributing the software **Lots of legitimate software is installed via Digital River, Tucows and Geeks.com, which get a fee when they sell products that have non-zero purchase prices.**
* Is affiliated with malicious or questionable portals, search engines, or hacking sites **A just plain weak definition. Define questionable? Why is being affiliated with Google a problem?**
Behavioral Criteria
* Modifies the hosts file
* Changes common settings, such as the home page or search page, without user permission
* Changes Web browser configuration **Lots of legitimate software does this. For example, Firefox extensions, and media players.**
* Uninstalls existing software without user consent
* Includes a process that cannot be manually terminated by the user
* Displays pop-up or pop-under windows outside of the application
* Displays pop-up or pop-under advertisements that cannot be closed by clicking a Close button
* Modifies Web site content, such as changing search results or substituting certain advertisements for other advertisements
* Displays pop-up advertisements when the Web browser is not running
* Automatically restarts itself if the user terminates its process
* Restores registry keys or file entries that are removed by the user
* Redirects or blocks searches, queries, user-entered URLs, and other sites without notification or user consent
Security Criteria
* Changes operating system security settings without user permission
* Changes software security settings, such as Web browser security settings, without user permission
* Connects to the Internet without user permission
* Disables firewalls, antivirus software, or anti-spyware software
* Opens a port on the computer without user knowledge **Quick, what ports does WMP use to play video? How many lay-people have any idea what ports any of their software opens? So this is absurd.**
* Silently reinstalls components **This would be good in security software, but not without user permission.**
* Adds a new dial-up connection or other network connection **Without user permission.**
* Initiates a connection to the Internet or initiates a dial-up connection with user interaction **Probably a typo, and should say "without user interaction".**
* Prevents anti-spyware or antivirus software from removing the program
* Downloads and installs software without user permission **Should be an exemption for updates, or should provide for global update permission, just so long as the user retains control of the option. Possibly updates should be logged.**
* Runs in a mode that hides processes from the user or system tools
* Provides remote administration or file transfer capabilities **A bad definition. Firefox falls into this category. So do MSIE, Acrobat Reader and RealPlayer. They all provide file transfer capabilities.**
* Requires Internet access to uninstall
* Monitors sensitive items without explicit notice and consent, such as keystrokes, emails, instant messages, screenshots, or the history of open programs and documents
* Runs malicious or questionable scripts
Privacy Criteria
* Does not contain a privacy policy **There should be an exemption for products and sites that don't capture any private info.**
* Does not contain a EULA (End User License Agreement)
* Installs an LSP (layered service provider) **Some legitimate products need one.**
* Silently tracks sites visited without user permission, such as by IP address, GUID, email address, name or other identifier **Should be an exemption for tracking the user's use of its own facilities. This has caused confusion in the past, where web-based games have monitored their own performance, and people claimed that was spying.**
* Tracks Web browsing behavior and transmits this information to a remote server
* Requires additional information to uninstall the software, such as email address
* Tracks online activity and matches it to personally identifiable information without clear notice and consent, including but not limited to Web pages viewed or accessed, user-selected content, keywords and search terms
* Collects personally identifiable information without express consent in statements other than the EULA or privacy policy
Again, mostly a good list, but it will need some refinement and clarification now that a major, easy-to-sue, near-monopoly company is using it.
The MS product has to not interfere with what ordinary customers with no special education want. It will be mainstream and conservative in what it prohibits.
Which guarantees that no matter how strong and vigorous the people on the MS/Giant product team want it to be, MSAS won't be strong enough to satisfy security enthusiasts. So we'll simply continue to run other products, probably in addition to MSAS.