 B Premium,MVM join:2000-10-28
reply to ghost16825
Re: Sunbelt Adjusts WhenU Detections
said by ghost16825:
> said by B:
> > That's why we need a lawsuit-proof community based effort or an individualized pseudo-Bayesian approach to spyware blocking. (I said the same in another thread today.)
> > -- B
>
> A Bayesian approach... just won't work for this type of thing. What you're describing is a sandbox-like utility that uses your rejection of previous executables to reject new ones. This would require recognising similar parts of executables - this is almost signature based detection with heuristics, back to square one.

Not necessarily -- who says it has to have signatures at all? I didn't propose a sandbox either, merely an analyzing filter that learns what YOU consider unwanted spyware. I'm not a talented enough programmer or designer to actually create such a thing.
But let's say it does amount to "signatures", if only user-defined ones. Here's part of my point. Sunbelt and Lavasoft et al. can't afford to simply block all executables that are determined to be from WhenU or Claria... but you as an individual user can. Once you control your own spyware definitions, you are free to completely blacklist at least the known offending parties, simply by having the filter learn what their code looks like and/or what their behavior is. My presumption in this case is that Spyware makers will never produce anything I want to run on my computer. I think that's a fairly safe assumption, at least until MS does go buy Gator.
> Re: "A lawsuit-proof community based effort" perhaps something along the lines of Microsoft's Spynet or ZA's system of whether to allow or deny traffic based on community votes. Basically an app which relies only on an online community being aware that 1) the spyware app exists and 2) a default action based entirely on votes.

No, not even close. I don't like voting-based systems AT ALL. They're generally a mess. This kind of project needs trusted leaders to make decisions about what programs are spyware; frankly it's not that hard once the lawsuit shackles are removed. I called it a "community based effort" because it would still be collaborative and distributed, perhaps following an open source development model. If, for example, a person known only as "AS" were to begin distributing "OpenAntiSpyware", put it up on Sourceforge, and accepted definitions from the public, he or she could, I hope, be relatively immune from legal action for distributing a product that, for example, prevented anything by Claria from running on individuals' machines... (Failing that there's still the more underground Usenet/BitTorrent/P2P/foreign soil distribution methods.)
> Contentious criteria is useless in my opinion.

Contentious criteria means legal threats. That's the whole problem. There's no such thing as non-contentious criteria when you're choosing to block another person's commercial "work". We simply have to remove, somehow, the specter of hovering legal threats before antispyware can really work. (Of course I'd much rather that the normal AV companies be charged with the responsibility.)
Categorizing spyware back in its proper place, malware, and letting users define what they consider malware still seems to me to be a good approach.
-- B
-- In a realm outside causality and function