Problem With The Spyware Concept
In early 2000, Steve Gibson formulated the first description of spyware after realizing software that stole his personal information had been installed on his computer (Gibson Research Corporation). His definition reads as follows:
| “ | Spyware is any software which employs a user’s Internet connection in the background (the so-called ‘backchannel’) without their knowledge or explicit permission. | ” |
This definition was valid in the beginning of the spyware evolution. However, as the spyware concept evolved over the years it attracted new kinds of behaviours. As these behaviours grew both in number and in diversity, the term spyware became hollowed out. This evolution resulted in that a great number of synonyms sprang up, e.g. thiefware, scumware, trackware, and badware. We believe that the lack of a single standard definition of spyware depends on the diversity in all these different views on what really should be included, or as Aaron Weiss put it (Weiss 2005):
| “ | What the old-school intruders have going for them is that they are relatively straightforward to define. Spyware, in its broadest sense, is harder to pin down. Yet many feel, as the late Supreme Court Justice Potter Stewart once said, ‘I know it when I see it.’. | ” |
Despite this vague comprehension of the essence in spyware, all descriptions include two central aspects. The degree of associated user consent, and the level of negative impact they impair on the user and their computer system (further discussed in Section 2.3 and Section 2.5 in (Boldt 2007a)). Because of the diffuse understanding in the spyware concept, recent attempts to define it have been forced into compromises. The Anti-Spyware Coalition (ASC) which is constituted by public interest groups, trade associations, and anti-spyware companies, have come to the conclusion that the term spyware should be used at two different abstraction levels (Anti-Spyware Coalition). At the low level they use the following definition, which is similar to Steve Gibson’s original one:
| “ | In its narrow sense, Spyware is a term for tracking software deployed without adequate notice, consent, or control for the user. | ” |
However, since this definition does not capture all the different types of spyware available they also provide a wider definition, which is more abstract in its appearance:
| “ | In its broader sense, spyware is used as a synonym for what the ASC calls ‘Spyware (and Other Potentially Unwanted Technologies)’. Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:
1) Material changes that affect their user experience, privacy, or system security; |
” |
Difficulties in defining spyware, forced the ASC to define what they call Spyware (and Other Potentially Unwanted Technologies) instead. In this term they include any software that does not have the users’ appropriate consent for running on their computers. Another group that has tried to define spyware is a group called StopBadware.org, which consists of actors such as Harvard Law School, Oxford University, Google, Lenovo, and Sun Microsystems (StopBadware.org). Their result is that they do not use the term spyware at all, but instead introduce the term badware. Their definition thereof span over seven pages, but the essence looks as follows (StopBadware.org Guidelines):
| “ | An application is badware in one of two cases:
1) If the application acts deceptively or irreversibly. |
” |
Both definitions from ASC and StopBadware.org show the difficulty with defining spyware. We therefore regard the term spyware at two different abstraction levels. On the lower level it can be defined according to Steve Gibsons original definition. However, in its broader and in a more abstract sense the term spyware is hard to properly define, as concluded above.
Read more about this topic: Privacy-invasive Software
Famous quotes containing the words problem and/or concept:
“What had really caused the women’s movement was the additional years of human life. At the turn of the century women’s life expectancy was forty-six; now it was nearly eighty. Our groping sense that we couldn’t live all those years in terms of motherhood alone was “the problem that had no name.” Realizing that it was not some freakish personal fault but our common problem as women had enabled us to take the first steps to change our lives.”
—Betty Friedan (20th century)
“Jesus abolished the very concept of “guilt”Mhe denied any cleavage between God and man. He lived this unity of God and man as his “glad tidings” ... and not as a prerogative!”
—Friedrich Nietzsche (1844–1900)