Symantec Aims to Nail Down Adware, Spyware Definitions - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Symantec Aims to Nail Down Adware, Spyware Definitions

Symantec will push a new spyware/adware risk model from its enterprise software to its consumer line, the company said.

Symantec will push a new spyware/adware risk model from its enterprise software to its consumer line, the company said Friday, part of what it called an industry-wide effort to quantify threats as an answer to increasingly belligerent adware vendors threatening legal action if their products are tagged as harmful.

Dubbed the Risk Impact Model, it's intended, said Symantec, to "evaluate computer applications that may be difficult for users to determine whether or not removal is desirable."

Taking the tack that what one user calls adware, another may call a blessing, Symantec will analyze each piece of potential spyware/adware in five areas, then arrive at a severity rating that it presents to the customer.

The shift to such a model began in 2003, when users started submitting increasing numbers of code samples that really didn't fit into the worm/virus category.

"Our malware model of flat-out deleting things on people's machine really didn't work when there might be an application dependent on, say, a piece of adware," said Dave Cole, the director of product management with Symantec's security response group.

"The old approach of rating things still held, but we needed a new approach to classify and rate this kind of threat," said Cole. "Essentially, it's a shift from malware to 'security risk,' where how you deal with something depends on context and one's tolerance to risk."

The model takes into consideration the impact of spyware/adware on performance and privacy, how easy or difficult it is to remove, how stealthy it is during installation and operation, and its prevalence on the Internet and on users' machines.

For instance, under the Performance heading, Symantec will evaluate potential adware and spyware in its labs, and assign scores for such things as system slowdown or instability, the frequency of popups, any replacement of browser home page and search settings, and whether the software downloads additional security risks.

Some adware, for example, isn't satisfied with installing only itself, but downloads and installs whole hosts of other adware and spyware. "We're going to gauge all the applications that are out there that we could call security risks, and rate them on those five different factors," said Cole. "We're going to allow the users to make the decision whether to keep them or delete them."

Currently, Symantec's enterprise-aimed Client Security and Network Security use the risk model. It will become part of Symantec's consumer security product line before the summer, said Cole.

Each group -- enterprise and consumer -- will have its own interface to deal with potential spyware. On the consumer side, Cole said that Symantec would use an interactive interface that, for instance, may ask users if they want to quarantine a moderate threat, but will likely automatically delete software that scores as a high threat.

Cole denied that Symantec was shifting the responsibility to users for determining what was spyware -- and thus what was deleted -- and what wasn't. Although Symantec, like every security vendor in the space, has been pressured by adware vendors to "de-list" their products, he said that the company wasn't knuckling under or passing the buck.

"The truth is that most of the adware vendors complaining don't want to be detected at all," he said. "If that's their stand, they're gonna have a problem with us."

Instead, Cole claimed it was essential to create a "clear, objective, consistent approach" and apply that to all software in order to have a defensible position on adware and spyware.

"Everyone is facing a lot of pressure [from adware vendors]," he said.

Some companies have bowed to that pressure. Computer Associates, for instance, recently de-listed all Claria products -- including Gator, a popular ad server bundled with Kazaa -- from its Pest Patrol database under its Vendor Appeal program. In late February, Microsoft apologized and paid restitution to a Dutch Web site that said it had been mistakenly labeled as a supplier of malicious code.

"All the major security players have started a dialogue to talk through this," said Cole. "I think we're just at the beginning of the dialogue, but we all understand that it's going to be essential to have a formalized system like the Risk Model if we're going to succeed in the anti-adware, anti-spyware market."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll