A new antispyware coalition has been announced.
Before reading anything more, remember that the primary people screaming for standards in defining spyware are the adware vendors.
I was immediately suspicious at the spyware conference a few weeks ago when all the spyware vendors were talking about “the need to create standards”, and a journalist I met kept saying to me that there needs to be standards. “Oh no,” I thought. “They’d gotten to him.”
Ok, so this one doesn’t have any spyware/adware guys in it, thankfully (unlike the past attempt at a coalition, COAST).
But I’m concerned. One reason is that spyware/adware vendors don’t like to be listed in antispyware product databases. It means end-users uninstall their stuff. They do legal threats against people like us. And if there is some new standard that has been agreed to, all they have to do is simply point to the standard. It gives them a way out.
It’s also what’s a bit unnerving about some of the upcoming legislation. Same reason. “Your application listed us as spyware but we don’t fall into the definitions in the law”.
The idea of a democratic process defining something as sensitive as spyware is dangerous. Spyware fighting is not a consensus-based approach.
So their charter:
…the Anti-Spyware Coalition, plans to publish proposed guidelines later this summer that define spyware, best practices for desktop software development, and a common lexicon, people involved with the group told CNET News.com.”
Is this a path to hell?
We are presently standing aside on this coalition. We are concerned about our ability to serve our consumer and enterprise customers the way they want to be treated–not based on agreements between other antispyware vendors.
They want standards? Read our listing criteria , arguably the best set of standards in the business. I mean it. Read them and see for yourself. We’ve covered the bases. Just copy and paste, you’ve got your standards. Move on.
This isn’t Betamax vs. VHS. If I label abetterinternet as “directrevenue.abetterinternet” vs. “dr.abetterinineter”, who cares? It’s not important. It’s just a naming standard.
Or a better example: If my database flags Hotbar as a threat, but another vendor doesn’t, who is the better vendor? The consumer, armed with independent reviews by authoritative publications, makes that choice.
The problem is spyware/adware definitions have a lot of gray areas. It’s not like viruses, which are black and white.
Here’s an example. Look who has delisted Hotbar (according to Hotbar): Microsoft. Lavasoft. SpywareDoctor. McAfee. Panda.
Who served their customers best by giving in to Hotbar’s pathetic threats?
Then look at who is on the new antispyware coalition:
Computer Associates International (PestPatrol)
Safer Networking (Spybot)
Business Software Alliance
Cyber Security Industry Alliance
National Consumer Law Center
Canadian Internet Policy and Public Interest Clinic
Berkeley Center for Law & Technology
Center for Democracy & Technology
Missing are some of the major superstars of antispyware research. Ben Edelman. Eric Howes and Suzi Turner of Spyware Warrior. Wayne Porter. Andrew Clover of Doxdesk . Paperghost. Dave Methvin of PC Pitstop. Jan 2006 update: A lot has changed since I wrote this post. Many of these folks mentioned will be panelists at the upcoming ASC conference in February 2006. See the ASC webpage for all the latest news.
Now, that’s not to invalidiate all the people who are members. There are some major league players that I have tremendous respect for, people like Ari Schwarts of the CDT, and the people at Webroot. But is this just it?
Maybe I’m too much of a hardliner. Yes, this fight is very real and very visceral for me. I don’t know how many other software company CEOs have spent late nights de-infesting a friend’s machine. I have and I’m pissed. And my primary business is selling to the enterprise, and they have decidedly hard views on security threats.
I wish the best to any group trying to solve the mess of spyware. We will stand by the side and see what happens.