Article

Vendors to stave off spyware scanning surprises

Bill Brenner, Senior News Writer

IT professionals often worry that their spyware scanners aren't catching everything. Those using two or more antispyware tools have found that one might flag nothing but cookies, while another might flag three dangerous pieces of genuine spyware. In the end, users have found little consistency from one tool to the next.

AV vendors announced a plan Monday to help users cut through the confusion by developing a more consistent set of criteria by which antispyware products are tested. The vendors include Cupertino, Calif.-based Symantec Corp., Santa Clara, Calif.-based McAfee Inc.; Tokyo-based Trend Micro Inc.; ICSA Labs, a division of Herndon, VA.-based Cybertrust Inc.; and Atlanta-based Thompson Cyber Security Labs LLC.

Roger Thompson, CTO of Thompson Cyber Security Labs, said Monday that without some testing standards, "marketers can make whatever claims they like and can find a tester to help them prove it."

But, he added, the new agreement sets the stage for determining which products truly work. The group hopes over time that the quality of its respective products will increase, as those whose scanners aren't up to par will have to improve.

"This is meant to close that gap and make scanners look for things based on a more common criteria as to what is

    Requires Free Membership to View

spyware and adware as opposed to other basically harmless things like cookies," Thompson said. "Right now, you may have one product that reports executables only while another tool reports 400 different things. But the latter product may have missed the executables. It's important to have standards to help people find the real spyware."

In a prepared statement, the vendors said the collaboration will eliminate confusion and empower customers to purchase solutions that meet their individual needs.

"When publishing results and product recommendations, few product testers currently document their test samples or methodology, and many use very small sample sets in their testing environments," the vendors said. "As a result, there is no distinguishable benchmark for comparison of antispyware product vendors, leaving customers unclear as to the most effective products and solutions for their environments."

The vendors added, "By employing standard metrics for third-party evaluation, and a common sample standard, those previously difficult-to-measure characteristics can be made consistent across the industry, enabling customers to make transparent solution comparisons."

The group said it will use the definitions hammered out last year by the Anti-Spyware Coalition (ASC) and work with the ASC "in its effort to develop guidelines for research tools."

The group's antispyware testing methodology and best practices can be viewed on its Web site.. It has yet to establish a timeline for its efforts.