eburger68
Premium,MVM
join:2001-04-28

Targeting "Greyware" - Criteria & Definitions

Hi All:

As we've seen from the initial responses to Lavasoft's new Threat Assessment chart, developing criteria for "anti-spyware" applications to target unwanted software can be a tricky, difficult business. To facilitate the discussion of these issues, I thought it might help to post a short list of existing targeting criteria being used by various anti-spyware companies as well as definitions of "spyware," "adware," and related terms that exist on the Net.

Take a good, hard look. I think you'll find that almost all the criteria and definitions developed so far leave something to be desired. The term I've used for the title of this very thread (which I've borrowed from TrendMicro) conveys the difficulty of defining and naming the kinds of software that users want "anti-spyware" applications to detect and remove from their computers.

-----------------------------------------------
Adware/Spyware Targeting Criteria & Definitions
-----------------------------------------------

~~~~~~~~~~~~~~~~~~
Targeting Criteria
~~~~~~~~~~~~~~~~~~

Lavasoft - Threat Assessment Chart
»www.lavasoftnews.com/ms/tac_main.shtml (old)
»www.lavasoftnews.com/ms/research/tac.htm (new)

Microsoft - Criteria for Listings
»www.spynet.com/info_spywarecriteria.aspx

See also: Microsoft - Contact and Dispute Information for Vendors
»www.spynet.com/vendors.aspx

Pest Patrol - Is it a Pest?
»research.pestpatrol.com/WhitePap···eria.asp

Spybot Search & Destroy - Target Policy
»www.safer-networking.org/en/targ···dex.html

Sunbelt - Listing Criteria
»research.sunbelt-software.com/li···eria.cfm

~~~~~~~~~~~
Definitions
~~~~~~~~~~~

Aluria - Adware on Your PC
»www.aluriasoftware.com/spywarela···ails/71/

Aluria - Forms of Spyware
»www.aluriasoftware.com/spywarela···ails/46/

Aluria - Spyware Overview
»www.aluriasoftware.com/spywarela···ails/50/

ARS Technica - Malware: what it is and how to prevent it
»arstechnica.com/articles/paedia/malware.ars

COAST Glossary
»www.coast-info.org/glossary.htm

Computer Associates - Glossary
»www3.ca.com/securityadvisor/glossary.aspx

Computer Associates - What is Spyware?
»www3.ca.com/securityadvisor/news···id=64232

doxdesk.com - Definitions of parasite-related terms
»www.doxdesk.com/parasite/definitions.html

Eric L. Howes - Junkware: A New Name for Spyware
»https://netfiles.uiuc.edu/ehowes/www/junkware.htm

Intermute - What is Spyware?
»www.intermute.com/spysubtract/re···dex.html

Pest Patrol - Glossary
»research.pestpatrol.com/WhitePap···sary.asp

PC Pitstop - What is Spyware?
»www.pcpitstop.com/spycheck/whatis.asp

SpyBuster - What is Spyware and Adware?
»www.spy-buster.com/spywareinfo.htm

Spywaredata.com - Definitions
»www.spywaredata.com/spyware/spyw···ions.php

SpywareGuide.com - Categories
»www.spywareguide.com/category_list_full.php

SpywareGuide.com - Intro to Spyware
»www.spywareguide.com/txt_intro.php

SpywareInfo.com - What is Spyware?
»www.spywareinfo.com/articles/spyware/

SpywareWarrior.com - History of the Term Spyware
»spywarewarrior.com/viewtopic.php?t=10215

Symantec - Expanded Threats
»securityresponse.symantec.com/av···dex.html

TechTarget.com - Spyware
»searchcio.techtarget.com/sDefini···,00.html

Webopedia.com - Spyware
»www.webopedia.com/TERM/s/spyware.html

Webroot - spyware defined
»www.webroot.com/spywareinformati···defined/

Webroot - spyware terminology & definitions
»www.webroot.com/spywareinformati···inology/

Webroot - what is adware?
»www.webroot.com/spywareinformati···eadware/

Wikipedia - Adware
»en.wikipedia.org/wiki/Adware

Wikipedia - Spyware
»en.wikipedia.org/wiki/Spyware

Best,

Eric L. Howes

LilBambi

join:2004-08-16
USA

Using the above listed info, I guess what we need is a:

Scumware Remover

The new Scumware Remover would give users the ability to remove any and all items that could be considered scumware. The program should, like MS AntiSpyware does, list the threat level for each program's group of installed 'stuff' including files, folders (hidden or not), registry entries, etc. Give an option to remove any 'unwanted' program.

Using COAST's definition.

Scumware
A slang term for spyware or any unwanted software/programs installed on your computer.

That should be able to include anything from A-Z and no one could say they were being targeted because it is a user's personal preference based on desire and threat level.

Eric, great job of bringing all these together in one place.


mViOkPe

@ev1.net

"It should be added that whenever there are doubts about the classification of software, the manufacturer of the software is contacted about any doubts.

Should the manufacturer decide to not answer such mails, the support forum is used to discuss the problem with the public."

Ref; »www.safer-networking.org/en/targetpolicy/

Seems to me that anti-malware vendors are only subject to their users...not the ad boys. Also seems that user wishes should be as much a criterion as any definition.

Bobby_Peru
Premium
join:2003-06-16


4 edits
reply to eburger68
Eric, first thank you as always for finding/making the time to keep at this in general, and for your above gathering of definitions.

I cannot read through them now, and could only spend a short time on this now, but for what little this may be worth, here's a framework to perhaps get started. Of course avoiding the "name calling" that these miscreants seem to bring out in me, would be highly recommended. Huge holes exist at this point, but here goes...

------------------------------

Software Detection and Removal Tool Version 0.000.001--

Purpose:
This software attempts to detect other software that meets the enumerated criteria as listed below. Software is selected for testing by many means, including user suggestions and submissions.

Modification and Notice:
These criteria may be modified, altered, or otherwise changed, at any time, and with no notice.

Should any modification be made, we will provide notice, but are under no obligation to do so, other than should such a modification result, or allow for software, or recent or new versions of software to no longer be detected (less detection), we warrant that we will give clear, unambiguous prior Notice to our customers, by prior posting of any such changes and their effects on our site, on the Update Page, the Download Page, and any other applicable pages, and by providing such notice through our software's Update procedure.

(Specific NOTICE details stated- Font size, size of Notice pop-up if any, color scheme, minimum time pop-up must remain on screen, procedure required to close pop-up).

NOTE: DETECTION INDICATES ONLY MEETING ONE OR MORE OF THE BELOW CRITERIA. USERS CHOOSE WHAT DETECTED SOFTWARE THEY WANT TO REMAIN ON _THEIR_ MACHINES, AND WHAT SOFTWARE THEY WILL REMOVE. ANY SUGGESTIONS REPRESENT THE RESULTS OF OUR RESEARCH INTO USER'S OWN PREFERENCES, EXPERTS ADVICE, AS WELL AS OUR PREFERENCES. USERS ARE UNDER NO OBLIGATION TO FOLLOW ANY SUGGESTIONS.

--- CRITERIA FOR DETECTION AND USER SELECTABLE REMOVAL---

1) USER DESIRE
Unwanted by any user for any reason, at any time, as determined by ...

AND/OR

2) QUESTIONABLE INSTALLATION EXPLOITATION --- Failure to provide for express user consent to Installation, with prior presentation of clear, concise, easy to understand Notice as specified below. Use any sort of deceit, including, but not limited to, misleading statements (in EULAs or otherwise), false statements, or omissions, to manipulate the user into installing the software.

AND/OR

3) AD PRESENTATION
Displays and/or plays advertisements (?define display, plays and advertisements?).

AND/OR

4) Uninstall
At initial installation, and at all times subsequent to that, up until complete removal, Fails to itself contain upon initial installation, and retain until complete uninstallation, and provide ALL of the following methods of quick, easy (define?) complete uninstallation, each of which singularly must completely Uninstall the software and any other software that said software imported...., including ??? , and which must not Uninstall, or in any way damage any other software, data, O/S and/or...? of the machine:

A) Windows Programs Add/Remove

AND

B) Windows--> Start--> Programs

5) INFORMATION and COMMUNICATION
Monitors and/or collects, and/or detects, and/or stores, and/or transmits any information related to the use of the machine, and/or any application, and/or any user of the machine, and/or any user's use of the machine, and/or any connection, unless... (Experts must help out here to craft language to narrowly include normal o/s and application functioning, yet exclude the scumware. I know this is a tough one, but I think it can be done).

AND/OR

6) PURPORTED "EULA"/"LICENSE" SECTION #1
Contains any purported "EULA", "contract", "license", "agreement", "licensing agreement"...... that fails to provide:
a)
AND
b)

(specify presentation/display minimum characteristics: when displayed, how long it must be displayed, procedure required to "Agree", how it is displayed - Font size, color scheme, line spacing, where in "document" and where in "display" of document enumerated language must be display - first "page"..)

AND/OR

7) PURPORTED "EULA"/"LICENSE" SECTION #2

Contains any purported "EULA", "contract", "license", "agreement", "licensing agreement"...... that states, implies and/or alleges in any manner:

a)
and/or
b)

AND/OR

8) MACHINE/APPLICATION/CONNECTION PERFORMANCE
Negatively impacts the performance, use, and enjoyment of a machine(specify a range of machine characteristics), as determined by the user and/or (specify expert(s), and/or groups).

9) VISIBILITY/CONTROL/STARTUP

10) VENDOR CONTACT INFORMATION --
Fails to provide (specify how provide) ALL of the following information: Contact Info (specify: Complete physical address, phone, email, Registered Agent's contact info...)

.....

[Edit: 1st mark-up, now including
said by Blackbird SR:

1) Unwanted by any user for any reason at any time , as determined by ...
and
said by sivran:

Uses any sort of deceit, including, but not limited to, misleading statements (in EULAs or otherwise), false statements, or omissions, to manipulate the user into installing the software.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
·Verizon Online DSL

said by Bobby_Peru:

1) Unwanted by any user for any reason, as determined by ...
I'd change this to: 1) Unwanted by any user for any reason at any time , as determined by ...
I think right up front has to be addressed (even indirectly) the issue that the user MAY have once accepted some kind of EULA or OK button, but now elects (legitimately) to revoke that choice. EULA acceptance appears to be the spearpoint of the malware litigation threats, so the concept needs to be established that anti-malware tools exist, in part, to assist a user who has changed his mind about any earlier EULA acceptance.
--
If God wanted us to work with electrons, He'd make them big enough to see...


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·Clearwire Wireless
·RoadRunner Cable

reply to eburger68
To dispel any claims of an unfair selection system, with the exception of the browser/OS itself any program that connects to or makes use of the computer's www connection ought to be TAC'ed. That behavior alone should be worth some measure of points. So what if an AV updater scores a 1? A score of 1 is not cause for action. The programs that have their behavior manipulated to fall within an accepted TAC level with no meaningful change to their overall scheme (unwanted behavior) would have the additional challenge of the initial TAC score, which would be fair because it's applied to all programs that in any way make use of a www connection.


danny9
Go Ahead, Make My Day
Premium
join:2002-07-14
Clinton Township, MI
clubs:
·VoicePulse
·Comcast

reply to eburger68
Eric, thanks for your time and trouble in making us aware of what's going on. Your efforts are appreciated and I have learned a lot on the complexities of these issues of which I was never aware before. Thanks again! :)
--
To Think or not to Think: That is the real question. VoicePulse 07/29/04


dadkins
Can you do Blu?
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast


2 edits
reply to eburger68
Question, *IF* I agree to an EULA to install whatever, and said EULA (in legalese) states that I cannot "modify" or "change" _______ , and I decide to REMOVE this "item", is that not modifying/changing it?

Once I find that "it" is doing something that I do NOT agree with, I cannot REMOVE "it" with whatever tool I choose?

Is Add and Remove Programs next in these BS lawsuits? ProcessGuard/RegProtect/SpywareGuard/RegSeeker/etc. better look out as well, no?
Using regedit is against the law now?
Is this CRAPWARE lawsuit fiasco stupid or what?


sivran
God Save The Suite
Premium
join:2003-09-15
Arlington, TX
clubs:
·RoadRunner Cable

reply to Bobby_Peru
I think I'll propose an amendment to Bobby Peru's example myself.

quote:
4) Fails to itself contain upon initial installation, and retain until complete uninstallation, and provide ALL of the following methods of quick, easy (define?) complete uninstallation, each of which singularly must completely Uninstall the software and any other software that said software imported...., including ??? , and which must not Uninstall, or in any way damage any other software, data, O/S and/or...? of the machine:
This is fine, if you're looking at it like this: "Application A, which is supported by Adware B, must remove Adware B and all components thereof upon being uninstalled."

But, if you look at it from the other direction: "Adware B, must upon being uninstalled..." Must Adware B prompt the user with, "Hey, you, uninstalling me will break Application A. Do you wish to uninstall that as well?" However, Adware B may not be smart enough to enumerate the different applications using it, or it may remember only the last application to use it.

There should also be an entry that explicitly addresses such programs, like certain P2P apps, that install separate adware/spyware components. Such applications should be required to provide uninstallers for these *ahem* "other" components, regardless of whether doing so would break the application or not. The uninstaller would of course warn the user of this, I'm sure.

quote:
2) Questionable Installation exploit section ---
"Uses any sort of deceit, including, but not limited to, misleading statements (in EULAs or otherwise), false statements, or omissions, to manipulate the user into installing the software."
--
TCPA - Treacherous Computing
Kerio 2.1.5 - Best damn firewall
Home licensing should be just that.


ZOverLord
Premium
join:2003-10-20
Minneapolis, MN


3 edits
reply to eburger68
When Microsoft embedded the Pop Up Blocker it never ASKED anyone if they were using it for AD's!

The ONLY TAC should be, does this software produce from time to time AD's that some users may not want.

Yes/No

Anything else, any more detailed of a TAC will only be a reason for LEGAL action, lawyers will PICK apart each other ITEM in the TAC and claim their clients software does NOT meet the criteria for that Item, and request Millions of Dollars for the harm caused!

Geeze, if a woman can sue over spilling Hot Coffee on her lap because the lid on the cup did not say CONTENTS is HOT what do you think ANY detailed TAC will save you from.

The SOLUTION to this problem is LESS DETAIL not MORE DETAIL, MORE DETAIL GETS YOU IN COURT!

Allow the user to un-check Just as MICROSOFT does in the POP-UP BLOCKER!

My God, these vendors are FALLING into the LEGAL TRAP! that these CRAPWARE vendors want.

We are not talking about MAPPING the Human Gene Pool here!

LilBambi

join:2004-08-16
USA

Maybe the only thing that is really needed here is a very simple law that makes EULAs null and void - if they work against the wishes of the user? Some Software Lemon Law or something like that.

The user owns the equipment, nothing should be allowed there that the user doesn't want, right?

If an owner of equipment finds that the software doesn't stack up to expectations, or it has shown itself to have ill effects to the user or their equipment, or it doesn't play well with the user's other software, the owner of the equipment should have the right to remove that software regardless of the EULA ... maybe under some Software Lemon Law?

Hmmm...might need some further thought and discussion.

Any thoughts on that?


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
·Verizon Online DSL


1 edit
said by LilBambi:

Maybe the only thing that is really needed here is a very simple law that makes EULAs null and void - if they work against the wishes of the user?
I (not any software house) own my computer. I make the choice to install or remove whatever software I want, as long as fees, copyright, and intellectual property rights are respected. A EULA is a licensing agreement, not a statement of computer ownership. It is a statement of agreement of what the software may do while on my computer, and my acceptance of those terms. That does not give installed software any right, in perpetuity, to remain on my computer if I choose the license and software removed. There need be no finding of harm in the software, 'working against my wishes', or any other justification for my removing it. If I want it removed, I have that right, pure and simple. And I can use any tool appropriate to that removal task, either provided by the software maker, provided by a third party, or provided by myself (including file deletion or drive reformat). Downloaded software is a GUEST on our computers, perhaps paid for, perhaps free, but persisting there only at our pleasure.
Edit: spelling
--
If God wanted us to work with electrons, He'd make them big enough to see...

LilBambi

join:2004-08-16
USA
reply to eburger68
bump... too good a list of important links to let it slip too far down the listing.


sivran
God Save The Suite
Premium
join:2003-09-15
Arlington, TX
clubs:
·RoadRunner Cable

reply to ZOverLord
quote:
The ONLY TAC should be, does this software produce from time to time AD's that some users may not want.
You're making the same mistake that Eric called me on earlier, Z: trying to develop solely functional criteria. You're going to catch far too much benign software with just this one test. For instance, web browsers display ads that some users may not want. While these ads may not be part of the browser itself--except in the case of Opera--your criteria doesn't distinguish this fact. It met your criteria and therefore, must be detected. You should look at the La-La land thread, particularly starting at this post: »ASW Vendors in La-La Land

And now I'm going to try to tackle Bobby Peru's criteria in their entirety, because it's interesting and easier than coming up with something myself, and may aid me in coming up with something myself in any case.

quote:
1) USER DESIRE
Unwanted by any user for any reason, at any time, as determined by ...
"As determined by the user looking for an uninstaller," perhaps?

quote:
2) QUESTIONABLE INSTALLATION EXPLOITATION --- Failure to provide for express user consent to Installation, with prior presentation of clear, concise, easy to understand Notice as specified below. Use any sort of deceit, including, but not limited to, misleading statements (in EULAs or otherwise), false statements, or omissions, to manipulate the user into installing the software.
I have yet more to add here: "The fact that a user agreed to an EULA shall under no circumstances revoke their right to remove the software covered by that EULA, nor shall this alone constitute consent, especially if the EULA in question contains any of the aforementioned characteristics."

quote:
3) AD PRESENTATION
Displays and/or plays advertisements (?define display, plays and advertisements?).
This one is tricky to write, without catching such things as web browsers, email clients, and even usenet readers. I'm not sure I can actually do this. "Displays, from time to time, some potentially undesired advertisements in any form, excepting the following: advertisements contained in a webpage that the user elected to view (to exclude web browsers from detection), and advertisements contained in email or usenet postings (to exclude email clients and usenet readers). These exceptions shall not apply to advertisements which are "built-in" with the program itself, e.g. Opera's free version. Thus, Opera, while a web browser, is still "adware" by this definition, as is Eudora. Running a program does not constitute electing to view a website, thus if running some software results in a webpage being opened which contains advertisements, that software shall be deemed to display advertisements, regardless of whether or not any are "built-in" to the program itself."

quote:
4) Uninstall
At initial installation, and at all times subsequent to that, up until complete removal, Fails to itself contain upon initial installation, and retain until complete uninstallation, and provide ALL of the following methods of quick, easy (define?) complete uninstallation, each of which singularly must completely Uninstall the software and any other software that said software imported...., including ??? , and which must not Uninstall, or in any way damage any other software, data, O/S and/or...? of the machine:

A) Windows Programs Add/Remove

AND

B) Windows--> Start--> Programs
easy (define?) -> "Easy shall be defined as following standard, intuitive methods of uninstallation, such as via the program's entry on the start menu, and the Windows Add/Remove programs tool."

software imported...., including ??? , and which must not Uninstall, or in any way damage any other software -> "including any and all updates, extensions, modifications, and companion and/or dependent programs, e.g., removing "WildTangent WebDriver" must remove any and all WildTangent software. The uninstaller must prompt the user with this information, clearly explaining why additional software is being removed, and offer them the chance to cancel the operation should they so desire. Failure in this or any of the aforementioned aspects will result in detection."

quote:
5) INFORMATION and COMMUNICATION
Monitors and/or collects, and/or detects, and/or stores, and/or transmits any information related to the use of the machine, and/or any application, and/or any user of the machine, and/or any user's use of the machine, and/or any connection, unless... (Experts must help out here to craft language to narrowly include normal o/s and application functioning, yet exclude the scumware. I know this is a tough one, but I think it can be done).
Add a clause here about "for marketing, advertising, or any other commercial purposes."

quote:
6) PURPORTED "EULA"/"LICENSE" SECTION #1
Contains any purported "EULA", "contract", "license", "agreement", "licensing agreement"...... that fails to provide:
a)
AND
b)

(specify presentation/display minimum characteristics: when displayed, how long it must be displayed, procedure required to "Agree", how it is displayed - Font size, color scheme, line spacing, where in "document" and where in "display" of document enumerated language must be display - first "page"..)
The EULA display must include copy and paste functionality, should the user wish to paste it into a text editor or word processor for closer review. EULAs should include, at the top, the phrases "This program displays advertisements" and/or "This program tracks usage for commercial purposes" as appropriate to the program's behavior. The EULA that is displayed to the user must be complete and unabridged. A web link does not constitute an EULA, nor shall a web link satisfy the issues of "user consent" or "user desire."

quote:
7) PURPORTED "EULA"/"LICENSE" SECTION #2

Contains any purported "EULA", "contract", "license", "agreement", "licensing agreement"...... that states, implies and/or alleges in any manner:

a)
and/or
b)
That the user does not have the right to remove the software

quote:
8) MACHINE/APPLICATION/CONNECTION PERFORMANCE
Negatively impacts the performance, use, and enjoyment of a machine(specify a range of machine characteristics), as determined by the user and/or (specify expert(s), and/or groups).
This one is just too dicey. Many users cry loudly about how anti-virus and software firewalls bog their systems down, and this criterion would thus have to catch them all. Perhaps an exclusion could be added here, but what about malware posing as such? (e.g., Veloz/eAcceleration)

quote:
9) VISIBILITY/CONTROL/STARTUP
A program shall not hide from the user, or it will be detected.

quote:
10) VENDOR CONTACT INFORMATION --
Fails to provide (specify how provide) ALL of the following information: Contact Info (specify: Complete physical address, phone, email, Registered Agent's contact info...)
No comments here...
--
TCPA - Treacherous Computing
Kerio 2.1.5 - Best damn firewall
Home licensing should be just that.


Vvian Kalyss

join:2003-10-14
Stage 5.0
clubs:

reply to eburger68
Good points, all.

We could just call it a "software removal tool", plain and simple. If they ask why their software is on that list, say by vote and request of many users. There, now they can't complain about people calling them malware or whatever.
--
Mikami Vvian, resident Girlfriend of Steel, care of the Tokyo-3 Middle Daughters Club