Can You Trust Your Spyware Protection?
Editors' Note: This story has been updated to clarify information in the first paragraph of the version that appears in the July 2005 issue of PC World.
The next time you run a scan with your anti-spyware tool, it might miss some programs. Some adware companies, arguing that their software is benign, have petitioned anti-spyware firms to stop warning consumers about their software. Other companies have resorted to sending cease-and-desist letters that threaten legal action.
In the past few months, at least two anti-spyware firms' products temporarily stopped detecting some kinds of adware--a process called delisting. Last year, Lavasoft (maker of Ad-Aware) delisted advertising software WhenU from its detection database. Lavasoft told PC World that the delisting happened as the result of an employee error, and the company quickly added WhenU back to Ad-Aware's detection list. Computer Associates, which makes the PestPatrol anti-spyware tool, temporarily delisted adware made by Claria after Claria asked to have its software reevaluated, but Computer Associates later restored detection of Claria to PestPatrol.
In most cases it's difficult for customers to determine whether their anti-spyware tool has delisted anything and, if so, which adware it skips.
"When a spyware program gets delisted, users won't be aware of its presence," says Harvard law student and spyware researcher Ben Edelman. The practice, he says, "offers spyware makers a new lease on life, letting them keep users who otherwise would have removed their software."
Degrees of Spyware
Of course, some spyware apps are worse than others. One spyware program may make severe changes to your computer's settings, while another merely displays ads.
Claria and WhenU are making the case that their adware programs don't resort to illegal tactics, such as exploiting security holes, to install themselves. And though this software can be annoying, adware developers argue that merely being listed in an anti-spyware scanner's database tarnishes a company's reputation by linking its relatively benign adware application with far more harmful and intrusive spyware programs.
Each anti-spyware firm uses its own set of criteria to decide whether to remove or detect a file or Registry key related to spyware. Usually even a few bad behaviors suffice to red-tag a file as spyware or adware.
One company, Aluria Software, is taking a middle road when dealing with some software that serves advertising. The company, which makes an anti-spyware product called Spyware Eliminator, last year gave WhenU's SaveNow toolbar its "Spyware Safe Certification," and now categorizes WhenU's program as consumerware instead of spyware within Spyware Eliminator. Aluria defines consumerware as "useful applications, often given away free, [which] provide value to the end user, pose no spyware risk, and are easily and completely removed" via the Add or Remove Programs control panel. Spyware Eliminator still gives users the option of automatically removing SaveNow if they choose.
Aluria publishes a list of 26 criteria software must meet to be declared Spyware Safe. Other software publishers disagree with that approach. Peter Mackow of PCTools, maker of the Spyware Doctor anti-spyware program, says that his company won't publish the entire list of its criteria for fear that spyware companies will use the information to design a spyware application that skirts every rule; many others who fight spyware share that position.
"The spyware guys want a really rigid set of rules defining spyware so they can then make an end run around [all of them]," says Eric L. Howes, who tracks the spyware business for Spywarewarrior.com and consults for anti-spyware software companies.
Experts recommend that you employ two--or even three--anti-spyware tools. The more tools you use, the likelier they are to offset the individual biases of each anti-spyware company.
To Delist or Not
It's unfair to permanently blacklist a company based on its past behavior, so some delisting is inevitable. But delisting an adware application is a dangerous proposition for anti-spyware developers. In the past, some spyware and adware makers have changed their software enough to get delisted only to resume the activity that got them flagged in the first place.
As a result, the anti-spyware industry has developed a thick skin. Delisting is rare because, Edelman says, anti-spyware firms "stand up to strongly worded demand letters."
Adware companies also decry the word spyware itself as inherently negative, so some anti-spyware firms have tried to create terms that mean essentially the same thing, using more-neutral language: grayware, potentially unwanted programs, or potentially unwanted software. But Webroot's CEO David Moll argues that matters could get more confusing if the anti-spyware companies try to refer to spyware by other names, just when many people are beginning to understand what spyware can do.