Cyber Security Industry Alliance Newsletter • Volume 2, Number 6  • February 2006

Anti-Spyware Coalition:
Building Consensus in the Fight Against Spyware

It's been less than a year since the public interest advocates and academics teamed with the top providers of anti-spyware software to form the Anti-Spyware Coalition, but already the group has notched some impressive achievements in its effort to strengthen the technological response to malicious and unwanted software.

Since its formation in the spring of 2005, the Anti-Spyware Coalition (ASC) has released a widely adopted set of definitions for spyware and other potentially unwanted technologies; published a risk-modeling document that details the specific behaviors that cause programs to be flagged as spyware; and held its first public meeting, drawing leading experts from government, industry and the public interest community to discuss the next steps in the fight against spyware.

"For a coalition of this size to generate as much work as we have in such a short time is remarkable," said Ari Schwartz, deputy director of the Center for Democracy and Technology (CDT), which coordinates ASC efforts. "The members of this coalition obviously care deeply about controlling the spyware problem and have demonstrated that concern by devoting serious time and effort to the coalition's efforts."

Spyware is a global scourge that's reached epidemic proportions. A May 2005 survey by the Ponemon Institute found that 85% of frequent Internet users believe that they have had spyware on their computer and of those 86% said that the spyware caused a direct monetary or productivity loss.

Although companies have developed numerous effective tools for combating spyware, the overall effort to address the problem had been hampered by a lack of agreement and clarity over how to distinguish good programs from those that raise concerns.

Enter the ASC. The coalition was established to coordinate the efforts of companies and groups committed to the fight against spyware. ASC focuses on the technological responses to the problem, helping consumers to understand the tools that are available to them and drawing on the combined expertise of its members to strengthen technological anti-spyware efforts globally.

In its first public act, the coalition released a draft of its spyware definitions. This document for the first time provided consumers and stakeholders in the anti-spyware field a common language with which to address the growing problem. The coalition threw the document open to the public, and after an informative comment period, finalized the document last October.

Since then, the spyware definitions have emerged as the lingua franca for the anti-spyware world, being adopted by top anti-spyware advocates and referenced by researchers and journalists in their writings on the subject.

The coalition followed the spyware definitions with a more technical risk-modeling document that clearly defined the dangerous behaviors that cause certain pieces of software to be labeled as "spyware." The document offers users a clearer understanding of how the programs that protect their computers work. It also serves as a helpful guide for anti-spyware providers.

Just as the spyware definition laid the groundwork for the risk-modeling document, the risk-modeling document sets the stage for the eventual development of industry-wide "best practices," a key goal of the coalition.

"We've already made great strides in the fight to give people back control over their computers, " Schwartz said. "If the coalition's first nine months are any indication, we'll have a great many more accomplishments to discuss nine months from now.

All ASC documents are available to the public at

Note: See CSIA's summary of the ASC's February 9 Public Anti-Spyware Workshop, in this edition of the CSIA newsletter.