A Revolution is the Solution
As they've said: those most interested in putting up a definition are the spyware companies themselves... or rather, their lawyers.
With a definition, they'll be free to prove that it doesn't apply to them and wage war on whomever dares to label them so or try to remove them... Arghhhh!
Maybe I'm a pessimist, but given that money is involved, it's much easier to round a few companies into a lobby that will twist the intention of defining malware for their own benefits.
I guess this is one situation where defining the problem just makes the problem worse...
Antispyware coalition
Sorry dont think so the Problem
is Jammer heads < my words for those people who Want to set up something
these sort of people will talk a subject to death and then Spawn
(commitee's ) which will need a Chairperson< note the person
the next thing you know they are Contacting and Interfacing with the Adware companies ...
and 10 years down the line nothing will have changed......
I thought WE are the coalition.
Wasn't that one of COAST'S objectives? To hammer out a 'definition' of what spyware/adware was? Oh.....and then they started letting adware companies into the fold.
And look what happened to them.
This blurb basically trashed the entire concept of industry collaboration as being intrinsically terrible, and offered nothing as a more viable alternative. I did not realize that giving a one-finger salute to various spyware applications actually kept that at bay.
Heaven forbid the industry sits down and tries to concretize some kind of long-term solution. And since when did defining things become such a rotten idea? I say it's better to define spyware. The quickest way for a term to lose meaning is to have it mean everything.
because as numerous people who are against this idea have opinted out, the only people crying out for "standards" are the people who make the software being removed by antispyware vendors in the first place. mass definitions of "spyware / adware" agreed on the terms of people who make the stuff in the first place is a bad idea.
you don't need to spend hours on semantics with regards what its called when all you need to know is, the end user doesnt want it.
ventures like this have always failed and will continue to do so.
"Heaven forbid the industry sits down and tries to concretize some kind of long-term solution."
Riiight. You mean the "industry" who's business model is sneaking unwanted crap on to your PC?? Please, having these people involved makes as much sense as inviting the porn industry to a Southern Baptist convention. Involving the ad/spyware people only legitimizes these parasites.
Is trying to define these items bad, in and of itself? No, it's not. What's going to be bad is that when one company finds a loophole in that definition (and one will), what leg will any company or user have to stand on?
All people and/or the government should be concerned about is that people don't want this. What they should be focused on is the methods that are being utilized to get installed onto a users system.
If people are utilizing illegal or unfair business practices (lacking proper disclosure for example) then we should have the right to remove them by any means possible AND companies should be able to report such software as a possible threat.
Once a "Definition" is agreed upon, then what? Things get better for a time...after that time when company XYZ finds the loophole, what do you suggest then? When they sue everyone removing them and win, because of this definition.
No, we're better off finding ways to put these companies under (via the court systems) for their abusive business practices.
Amen to that. After all, they wouldn't be *in* this mess if they hadn't acted the way they did in the first place. Why should we forgive and forget? Especially when we rinse and repeat the same "rogue affiliate" diatribe from the same companies over and over again.
Yes, but not every single adware vendor is involved in fraud. If an application arrives on a PC with the consent of its owner, can be fully uninstalled at any time, and does not act in a manner inconsistent with its EULA (although I guess that doesn't matter, because users can't be expected to read license agreements), it doesn't need to be "targeted".
Granted, many adware applications exist that do not satisfy these requirements, but standards need to be there to draw a line.
True, not every company is involved with fradulent activity. And currently each company is evaluated on a case by case scenerio. How many companies have you seen that have legit claims that they are unfairly targeted?
In addition, what if a standard were set and an application was found to be "good". What of the "bad" versions of the program that exist on the internet?
When people say we shouldn't forget what these companies have done in the past, this must be taken into consideration. Once an application has been found wanting or install methods have been found wanting, that software should be permanently labeled. This will accomplish the most important thing...protecting the consumer, protecting you and me.
I'll be brutally honest, after the fifth (counts up to 11 now) friends system I had to rebuild and defend against this form of invasion, put some of these companies under...now...
"although I guess that doesn't matter, because users can't be expected to read license agreements"
I'm going to be blunt and rude, so I'll apologize up front to Paperghost for getting on my box via his site.
That is a very uneducated and closed minded view point. Have you ever read the EULA for one of these programs? What of those EULA's that contradict themselves? What about those that leave out what their program does?
Now if all companies were clear and conciese, EULA's would work. But requiring users to read, decipher, and understand EULA's (especially given the number of "bad" EULA's) is unfair. The burden of disclosure, full disclosure, on what their program does should be on the company.
If that means they create a secondary "Dumbed down" EULA so the average Joe has a fighting chance to understand it...then so be it.
"Granted, many adware applications exist that do not satisfy these requirements, but standards need to be there to draw a line".
...but the standards applied by antispyware applications were only applied in the first place specifically *because* the adware vendors were reluctant to do something about this problem in the first place. The current mess exists purely because of their errors. The antispyware companies exist purely because of their errors.
Antispyware tools are sophisticated things - at least, the best ones are. we have no problem with an authorised install - none whatsoever. but if someone running an antispyware app sees a well known program flagged up, if they knew about the install in the first place, they're not going to have the app delete it. End of problem.
Bottom line - the companies may be more "legit", but continue to use affiliates which just does not work. as long as they do this, they will continue to be wailed on. For all the talk, one fact remains - do you want it installed, or don't you?
This simple question works on all levels and doesn't require a UN style treaty.
btw no need to apologise, you guys continue as you see fit. This is a rather enjoyable debate 
Will the ASC definition of spyware become law? International law? How would their definition allow adware/spyware developers to sue anybody? I was looking at it as a sort of suggestion, not a replacement for our current definitions.
But certainly the ASC definition is lacking in detail and range. It needs to cover a lot more ground.
I do, however, appreciate the idea of a dispute resolution process, although things are never quite as simple as they seem on paper.
Certainly, questionable EULAs exist. I recall one in particular, the EULA for ClientMan (Odysseus Marketing) which granted itself permission to remove any application or siphon any data off the PC that it saw fit. EULAs of this nature are harmful, but plenty of EULAs do in fact spell out the intended actions. Adware bundled with Kazaa and various file-sharing apps are often clearly labeled and their actions provided for.
I am not on the side of spyware vendors, I am simply saying that consumers need to be responsible for something. They are not helpless orphans.
Jay, I agree that "consumers need to be responsible for something." The problem with EULAs has always been that they are long confusing documents presented in a way that makes them hard to read. Just go over to Ben Edelman's site for dozens of examples.
Instead of signing a EULA you simply click a button to "agree". Average users don't see any danger in just clicking a button, because they don't see it as a contract. If it really was challenged as a serious contract, you can bet that a lot of jurisdictions would have some problems with it. You can't just put anything you want in a contract and call it binding.
Jay, I understand where you're coming from. And you're correct, the consumer ultimately does need to be held responsible for what they agree to.
But I disagree with holding the consumer responsible, when the companies with the shadey EULA's aren't being held responsible for, what I would call, neglient business practice.
EULA's are a binding contract between the consumer and company. With so many out there that aren't sound and don't give full disclosure...does it really matter what we sign as consumers? Sometimes the EULA contains everything and sometimes it doesn't. How do we differentiate?
Courts, companies, and individuals need to start taking up the flag here and sueing companies for breach of contract when the EULA leaves out, hides, or contradicts itself on the information therein.
I think the best 'solution' is to enforce the 'Add/Remove Program' (in Windows).
Any program has to be able to register properly and de-register when asked. Any failure in complying with this, then the company should be liable.
IOW, I don't care WHAT you install, but if that install needs an EULA, then it must comply to the install/uninstall provided by the OS. Any company that fails to provide a FULL uninstall shouldn't be able to sue anybody for doing their work.
And should be held liable for polluting my computing environment... 
That's a good idea. If it's never violated, then malware removal would be a snap. But what about prevention? Some of these things are capable of completely crippling a PC. Sure, it'll be awesome to be able to remove it just by using the control panel (assuming the OS isn't already fux0red enought to even run). But if it's gonna cost me my box, I don't want it in the first place.
A standard requiring a full uninstall option is a great idea, one I've long supported. I've even see uninstallesrs (particularly with Xupiter) that would add more code to a machine, removing only certain visual instances so as to appear effective. This is absolute fraud, of course.
But, this is where a problem arises. Let's say we've got a standard that any application lackig an uninstaller is some form of malware. Great. Then, companies will comply, and they will be maligned in other ways. You can remove then..but they show more pop-up ads that X Spyware Blogger would care to see! They must be spyware!
lacking*
them*
than*
Spelling errors from my last post.
Erm...let's not get into that!!! Let's focus on the whole spyware issue and not spelling!!!
I think it's pretty safe to assume that the drive for a definition of spyware is from the same companies doing it so that they will be able to wiggle out through legal loopholes and other technical issues.
By denying them a definition that specifies the *techniques* we avoid running into an armament race in which the user is bound to be on the loser's end.
By binding the definition of spyware to the *capability* of the user to determine how his/her resources (CPU, disk, network, etc.) are used and the user's right and ability to determine when something should stop consuming them we beat them at their definition game by attacking the basis of their business: stealth and encroachment.
Regarding 3DJelly's note on prevention... That's a totally different game. But if we could manage to enforce the registration with the OS, lots of spyware will be trivial (actually, they wouldn't be spyware any more ) And those that are not registered... well, that's the situation you have today.
But with a punch: we would now have a better legal standing to sue them for abusive and/or stealing private computational resources and denying the legal owner/user of its rights...
Commenting by HaloScan
