A coalition of anti-spyware vendors and consumer groups published guidelines Thursday to help consumers assess products designed to combat unwanted programs that sneak onto computers.
The Anti-Spyware Coalition released the guidelines for public comment and also updated a separate document that attempted to craft uniform definitions for "spyware" and "adware" in hopes of giving computer users more control over their machines.
According to the Pew Internet and American Life Project, Internet users have become more cautious online because of worries about spyware and adware, which can bombard users with pop-up ads and drain processing power to the point of rendering computers unusable.
Nearly half of adult online Americans have stopped visiting specific Web sites that they fear might infect them with such unwanted programs, and a quarter have ceased to use file-sharing software, which often comes bundled with adware.
In addition, 43 percent of Internet users say they've been hit with spyware, adware or both, with broadband users generally at greater risk.
The new guidelines from the coalition assign risk levels to various practices common with spyware and adware.
High-risk practices include installation without a user's permission or knowledge, interference with competing programs, interception of e-mail and instant-messaging conversations and the display of ads without identifying the program that generated them.
Changing a browser's home page or search engine setting is deemed a medium risk, while using data files called cookies to collect information is considered a low risk.
"Although all behaviors can be problematic if unauthorized, certain ones tend to have a greater impact and are treated with more severity than others," the guidelines say.
The idea is to agree on what practices consumers should worry most about. Within the general rankings, individual vendors still have leeway to assign their own weight to each behavior in deciding whether to quarantine or remove a program when detected.
The coalition also offers similar rankings on consent.
High marks go to programs that are distributed as separate downloads in clearly labeled packages, while those that try to bury what they do in legalese are given low ratings.
The commenting period on the guidelines ends Nov. 27.
The guidelines could encourage industry "best practices" that developers of adware and other programs could follow to avoid getting flagged by anti-spyware vendors.
However, the coalition has yet to set a timetable for defining such practices, said Ari Schwartz of the Center for Democracy and Technology, which led the coalition.
Nonetheless, Schwartz said, Thursday's announcements represent a start toward long-term improvements in anti-spyware tools and consumer education.
"There won't be as much gray area, and we'll have more transparency out there," he said.
A separate coalition document defining spyware and related terms changed little from the draft issued in July.
The updated definitions document, reflecting nearly 400 comments received from the public, still flags as potential threats — an umbrella definition that includes spyware, adware and other categories such as "hijackers" and "cookies" — programs that:
- impair users' control over their systems, including privacy and security;
- impair the use of system resources, including what programs are installed on their computers; and/or
- collect, use and distribute personal or otherwise sensitive information.
But by classifying "adware" as falling under the umbrella term, "Spyware and Other Potentially Unwanted Technologies," the coalition avoided a key dispute that has led to lawsuits by adware developers against anti-spyware vendors: Is adware a form of spyware or are the two separate?