 | |
| ||||
January 30, 2006
|
|
|
Spyware and other potentially unwanted technologies are some of the fastest growing risks to consumers and organizations, increasing at an estimated rate of 50 to 100 percent year over year, according to some security experts.
A wide variety of consumer, shareware, and business-class anti-spyware products are available in the marketplace today. However, unlike the anti-virus space, where vendors have reached agreement on certain standards, and share sample collections in order to provide the broadest possible protection to their customers, collaboration is more complex in the anti-spyware space.
Spyware programs tend to have an increased number of registry entries, files, self-protection mechanisms, and other tools that they employ. While vendors can determine which of these entries can safely be removed, and which should be part of a test suite, it is generally too complex for the end-user. This makes it difficult for customers wanting to evaluate and compare anti-spyware products on their own to do so.
"The successful industry practices previously established for sharing virus information demonstrate the effectiveness of cooperation among Internet security experts," said Vincent Weafer, senior director of development, Symantec Security Response. "By standardizing methods for sharing spyware samples and testing antispyware solutions, customers win."
When publishing results and product recommendations, few product testers currently document their test samples or methodology, and many use very small sample sets in their testing environments. As a result, there is no distinguishable benchmark for comparison of anti-spyware product vendors, leaving customers unclear as to the most effective products and solutions for their environments.
"There is an enormous amount of confusion in the marketplace about the origins of spyware and the effectiveness of the tools designed to fight it," said Larry Bridwell of ICSA Labs. "This agreement is an important first step in maturing the industry to the point where it can effectively combat the proliferation of spyware on behalf of customers, providing a safer and more efficient online environment for everyone."
By employing standard metrics for third-party evaluation, and a common sample standard, those previously difficult-to-measure characteristics can be made consistent across the industry, enabling customers to make transparent solution comparisons.
Future initiatives of this group of spyware experts will leverage the participating members' experience in anti-virus research cooperation for threat naming conventions, intelligence-sharing best practices, and emergency information distribution guidelines. The group will use the definitions created by the Anti-Spyware Coalition (ASC) and work closely with the ASC in its effort to develop guidelines for research tools.
"The spyware threat is growing, as are the number of victims. Working together with other security leaders to extend research, to quicken response times and to further protection, is our professional responsibility to the global community as well as social responsibility to our customer-base," said Joe Hartmann, director, security intelligence research group, Trend Micro.
The group's anti-spyware testing methodology and best practices can be viewed at www.spywaretesting.org
 E-mail this story
 Printer-friendly version  Bookmark this page |
Custom Search
|
|
|
