Coalition Issues Definitions For 'Spyware'

Antispyware vendors and consumer groups took a stab at issuing uniform definitions for "spyware" and "adware" on Tuesday in hopes of giving computer users more control over their machines.

The definitions seek clarity that could help improve anti-spyware products, educate consumers and fend off lawsuits from developers of software that sneaks onto computers.

It's not clear what, if anything, the taxonomy itself might accomplish in ending the deception involved in placing intrusive and damaging programs on people's computers.

The 13-page document is silent, for instance, on what developers must do to obtain consent from consumers. Nor does the document, still formally a draft, clearly state how specific programs might fall under a certain category.

"It's not the end game but it's a great starting point," said Dave Cole, director of product management at Symantec, a member of the coalition that spent three months crafting the terms.

"You've got to have a foundation, a common vocabulary to start with ... and have all of us speak the same language."

Forty-three percent of adult U.S. Internet users say they've been hit with spyware, adware or both, according to the Pew Internet and American Life Project. More than 90 percent of Internet users have changed their online behavior, meanwhile, to try to avoid becoming victimized.

Associated Press

Yahoo/Cisco Systems-Led Spam Blocking Idea Inches Closer To Becoming Technical Standard

Proposal Sent To Task Force; Microsoft, IBM among the other supporters of method for authenticating e-mails.

Someday, the Internet community might actually agree on a way to tell if an e-mail's real or likely fake.

This week, it edged closer to that spam-thwarting goal.

Cisco Systems, Yahoo, Sendmail and PGP Corp. on Saturday submitted an e-mail authentication method draft to the Internet Engineering Task Force, with hopes it will lead to a standard..

Called DomainKeys Identified Mail, the method also is supported by Microsoft, IBM, VeriSign, EarthLink and others.

"This is definitely a major step to getting it to be an Internet standard," said Eric Allman, chief technology officer at privately held mail security firm Sendmail.

Allman put together the draft for the loose alliance of tech firms. He expects a working group in the IETF to soon start discussing -- and at some point possibly ratify -- DomainKeys Identified Mail.

Called DKIM for short, it's a technical way for firms to tag and check e-mail to prove its origination point, thus helping identify spam that pretends to come from a real person or company. DKIM uses encryption for extra safety. It combines two e-mail authentication techniques: Yahoo's DomainKeys and Cisco's Internet Identified Mail.
Investor’s Business Daily

Trojan horses gallop into networks

An outbreak of Trojan horse programs is hitting networks around the world, an e-mail security company has warned.

MessageLabs said it has blocked 54,000 copies of new Downloader Trojans since 6 p.m. PDT on Wednesday.

"They are pretty run of the mill--they use e-mail subjects that have been used before," Alex Shipp, a senior antivirus technologist at MessageLabs, said. "But we're detecting them from all over the place."
CNET

Web Surfers' Sense of Siege

While users know about adware and spyware, many don't grasp the difference, according to a new survey -- and that's a big problem

Most people who use the Web still don't quite understand what spyware is -- but they know they sure don't like it. That's the finding of a new survey by the Pew American & Internet Life Project, which looked at surfers' relationship with programs that invisibly install themselves in PCs and then track users' Web activity. Advertisement

The proliferation of spyware and other unwanted software certainly seems to be changing the way the Internet is used, according to the survey of 1,336 users, conducted between May 4 and June 7. More than 91% of those questioned reported making at least one change in their online behavior to avoid downloading viruses and spyware. The survey had a margin of error of 3%.
BusinessWeek

Suspected spam king to appear in court

A 30-year-old man suspected of being the "Rizler" spam king is scheduled to appear in federal court Wednesday, following his arrest last week when he flew into the United States.

Christopher Smith, who allegedly sent a billion junk e-mails to America Online subscribers, was arrested at a Minneapolis airport after he stepped off a plane from the Dominican Republic.

Smith allegedly had been operating illegal online pharmacies and a call center in the Dominican Republic, according to a representative for the Justice Department.
CNET