
Spyware Detection and Classification

You've probably heard by now that Microsoft is, or was, interested in making a deal to acquire Claria--a company known for its personal-information-tracking software. Formerly known as Gator, Claria is for the most part considered to be a propagator (no pun intended) of spyware that's bundled with many popular software packages such as the Kazaa peer-to-peer file-sharing application.

Last I heard, Microsoft scrapped its plans to acquire the company, although I'm not sure if that's true. Nevertheless, Microsoft caught some additional heat last week because it downgraded the severity rating of Claria's software in Windows AntiSpyware. The severity rating of similar software from other companies, such as WhenU and 180solutions, was reported to have also been downgraded.

In an open letter published at its Web site (see the URL below), Microsoft said it made no exceptions for Claria and that the company "decided that adjustments should be made to the classification of Claria software in order to be fair and consistent with how Windows AntiSpyware (Beta) handles similar software from other vendors."

http://www.microsoft.com/athome/security/spyware/software/claria_letter.mspx

The letter goes on to say that "Today, anti-spyware vendors use different approaches, definitions, and types of criteria for identifying and categorizing spyware and other potentially unwanted software. This has limited the industry's ability to have a broad, coordinated impact in addressing the problem. That is a key reason Microsoft is a founding member of the Anti-Spyware Coalition, a group of technology companies and anti-spyware companies working alongside public interest groups to address key spyware issues."

The Anti-Spyware Coalition (first URL below) was actually convened by the Center for Democracy and Technology earlier this year. Microsoft was one of over a dozen entities that took part in the initial meeting. The coalition recently published the first draft of its "Anti-Spyware Coalition Definitions and Supporting Documents" (second URL below), which is now open for a 30-day public comment period.

http://www.antispywarecoalition.org

http://www.antispywarecoalition.org/definitions.pdf

The definitions outline a number of different types of spyware and describe the underlying technology and why it might or might not be useful. Microsoft and numerous other companies undoubtedly use these definitions as part of their guidelines for classifying software in their respective antispyware solutions. So reading the documents might help you get a better understanding of what spyware is from the perspective of various vendors.

Another interesting part of the documents is the outline for vendor dispute and false positive resolution. I'd guess that Claria and other vendors have used that, or a similar process, to have Microsoft review their software more closely, resulting in changes in the software's severity rating in Windows AntiSpyware.

If you're interested in learning more and helping shape the way coalition members handle spyware detection and classification, be sure to read the first draft and send any comments you might have to the coalition before the end of the public comment period, August 12. After that time, the coalition will work to publish a final release sometime in the fall.
