TexasGuy
49 States And Texas
Premium
join:2002-12-02
Houston, TX
|  How would you describe term "SpyWare" ?
Due to the recent developments where shady companies try to redefine themselves in more positive terms, what do we call "spyware" nowadays?
Is spyware any application that sends statistics of marketing purposes or only applications that secretly do that?
Does it count if an application in question truthfully informs you that data is being collected and how?
Where is that border line where an application becomes a spyware?
--
-- Who drank has died, who drinks will die; is he immortal who is sober? --
-- I started out with nothing, I still have most of it -- |
|
Spy
Premium
join:2001-09-22
NE
| said by TexasGuy  :Is spyware any application that sends statistics of marketing purposes or only applications that secretly do that? Does it count if an application in question truthfully informs you that data is being collected and how? Where is that border line where an application becomes a spyware? Only applications that do it without your consent or awareness.
If the application informs you what it's doing and it does exactly that and you consented to it then it should not be considered spyware in my opinion.
Once the application is doing something without your knowledge or consent, I consider it spyware. |
|
Steve
I'm a PC, so shut up
Consultant
join:2001-03-10
Yorba Linda, CA
1 edit | reply to TexasGuy
I think that efforts like this, though honorable, are doomed to fail because they are attempting to summarize many dimensions of behavior into three or four words.
Likewise: it would be difficult to break down all human beings into three categories:•he's a saint•he's ok•he's an asshole Clearly some people will be obviously in one category or another, but an awful lot will have merit suggesting more than one. Then we'd get arguments;said by person 1:
He's an asshole! said by person 2:
No, he's just direct, so that makes him ok! And what about somebody like Hitler or Saddam? Somehow "asshole" doesn't quite do them justice.
And then we'd get lawsuits over somebody being called one thing on a forum, claiming they belong in a different category.
Different premises inform different characterizations, and it's simply impossible to distill this all into a couple of words, and efforts to do so simply hide the complexity of the situation with no real benefit except to the lawyers.
Steve -- obviously a saint 
--
Stephen J. Friedl • Unix Wizard • Microsoft Security MVP • Tustin, California USA • my web site |
|
TexasGuy
49 States And Texas
Premium
join:2002-12-02
Houston, TX
| reply to Spy
said by Spy :said by TexasGuy :Is spyware any application that sends statistics of marketing purposes or only applications that secretly do that? Does it count if an application in question truthfully informs you that data is being collected and how? Where is that border line where an application becomes a spyware? Only applications that do it without your consent or awareness. If the application informs you what it's doing and it does exactly that and you consented to it then it should not be considered spyware in my opinion. Once the application is doing something without your knowledge or consent, I consider it spyware. What if the real description is buried deep in the EULA and no sain person would would read the crap attentively though in a perfect world they should.
Thus, the customers then base their knowledge about functionality and features of a program only from what they heard from other sources.
Therefore, should the program wave a red flag that says I am a spyware or is it ok to mention it on line 5000 of the EULA?
--
-- Who drank has died, who drinks will die; is he immortal who is sober? --
-- I started out with nothing, I still have most of it -- |
|
Spy
Premium
join:2001-09-22
NE | If it's in the EULA on line 5000 and it does explain what it's doing to you, I would say it's not spyware. Many people don't read the entire EULA but somebody does. Unfortunately, that's the way it is. |
|
SnowyOne
Premium
join:2003-04-05
Kailua, HI
 ·RoadRunner Cable
 ·Clearwire Wireless
| reply to TexasGuy
said by TexasGuy :Therefore, should the program wave a red flag that says I am a spyware or is it ok to mention it on line 5000 of the EULA? Can a program be covertly overt?
If it's willing to put "I am a spyware" anywhere in it's EULA who am I to argue it? |
|
reaver221
join:2003-05-08
Cincinnati, OH | reply to TexasGuy
Spyware is "nasty shit." That's how I've always defined it. I guess it would vary depending on what different people consider to be "nasty shit," but ah well. |
|
Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
 ·Verizon Online DSL
2 edits | reply to TexasGuy
As Steve has said, simple characterizations can break down pretty quickly.
There may be a permission statement intentionally embedded deep in the middle of the EULA, and many might overlook it completely... that presents one kind of issue. But suppose a person does see a line in a EULA which says: "The licensee accepts that this software, or software from a third party acceptable to the licensor, may perform file activity on the licensee's computer". What does that really mean? Perhaps just minor updates or cookies or... maybe a downloaded keylogger or a total drive reformat. What the software actually DOES is how many people would characterize what it "is" - but others would describe it in terms of the legalities of what it announces (in the EULA or elsewhere) at the time it installs.
Spyware creators natually argue that anything interpretable (in their favor) from the wording of a EULA conveys informed permission, therefore they aren't covert. Anti-spyware houses have generally argued that spyware is defined by its operational deployment and tactics - which are usually covert in at least some aspect of their operations, regardless of what was buried in a EULA (or if there was a EULA). Users typically define spyware as anything that takes partial or full control of a computer in ways they didn't explicitly ask for, as THEY understood it - even if they clicked a generic OK or EULA agreement button. And of course, lawyers will interpret things any number of ways.
This is one reason there are some initiatives underway to better define terminology, or even perhaps modify the way anti-???? software does its thing. As you're probably aware, that's why there are currently a number of threads on these very issues, in addition to the one you've just started:
»Targeting "Greyware" - Criteria & Definitions
»ASW Vendors in La-La Land
»Silencing the Critics: ISearch/IDownload
IMHO, right now things are moving rather quickly to a more legally-confrontational arena, and this will undoubtedly have impact on spyware itself, anti-spyware, and on even our understanding of terminology as this unfolds. 
Edit: removed double-typing
--
If God wanted us to work with electrons, He'd make them big enough to see... |
|
grey22
@telus.net
| reply to TexasGuy
"How would you describe term "SpyWare" ?"
3rd party software that illegally modifies a program. It's different than "Point + Click". Because your getting modifications you didn't click for. Like clicking yahoo.com, and ending up at get 100 pc's free .com. |
|
sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs:
·RoadRunner Cable
| reply to TexasGuy
My current favorite method of describing "spyware" is thus: any software which tracks usage for marketting, advertising, or any other commercial purposes. (Yes, marketting and advertising are pretty much synonyms, but I'll include them both anyway  )
I leave out "illegal purposes" because that is the domain of a whole different kind of malware--the trojan horse.
This definition leaves issues of user desire, consent, and EULAs out, and thus will most likely apply to a great many benign applications. In fact, this definition applies to *all* "limited usage trial" shareware programs. That nice "twenty usage" trial of Quantum Wave Editor or what have you is tracking you just the same as that not-so-welcome installation of WhenU. The main difference is you wanted the Editor, whereas you most likely didn't want WhenU.
And that's my (somewhat flawed and overly simplistic) definition, for the time being.
--
TCPA - Treacherous Computing
Kerio 2.1.5 - Best damn firewall
Home licensing should be just that. |
|
TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
| reply to TexasGuy
There are also some qualities that apply to spyware, adware, and just plain malware. You may not have authorized its install (drive-by installs), the EULA may have been deliberately confusing or vague, there is no uninstall, it will reinstall if you try to uninstall, it will intentionally break your system if you do uninstall, it hides with random file names to make uninstall difficult, the description used to get you to click on it was deliberately deceptive or it may even attempt to uninstall other competing spyware/adware/malware applications.
--
TheJoker |
|
