Download PDF version of this article PDF

Symantec’s Semantics
In the wake of Sony’s DRM (digital rights management) rootkit debacle, it was unexpected to see antivirus giant Symantec implicated for using “rootkit-like technology” in its Norton SystemWorks. The software’s Protected Recycle Bin uses a hidden system folder to protect files from being deleted; in doing so, it creates a hiding place for malware. To its credit, the company quickly remedied the problem and as of this writing, there are no documented cases of malware exploiting Symantec’s hidden files.

The irony might be that Symantec stands to lose more in terms of reputation than any of its customers lost in corrupted data or stolen information. An antivirus software company whose software is perceived to help viruses evade detection naturally stands to lose a lot of credibility with its user base. Symantec is now calling for an industry-wide effort to formally define the term rootkit, which it feels is used too liberally and as such, mischaracterizes the vulnerability discovered in SystemWorks. The effort is gaining traction—even Symantec rival McAfee seems to endorse it—but it’s not without its critics. They argue that simply agreeing on a formal definition will do little to curtail the term’s alleged misuse. They have a point—just ask anyone who cares about the difference between the World Wide Web and the Internet.


Spyware Defined…For Now
Symantec could be fighting an uphill battle to standardize the meaning of rootkit and evade potentially unjust criticism; journalists, marketers, and the general public tend to embrace popular usage, regardless of whether it aligns with any formal definition. But a similar effort under way by the Anti-Spyware Coalition could help pave the way.

The coalition was formed last year with the goal of “building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies.” By standardizing on what constitutes spyware, the makers of anti-spyware software can, for example, more accurately classify potential threats and avoid lawsuits from alleged spyware companies that feel they have been unfairly classified. The coalition released its final draft of criteria in January, which should crystallize the spyware definitions and begin serving as the definitive anti-spyware guide for both anti-spyware software developers and the general public.

The challenge is that spyware, always a moving target, will evolve into something not currently defined by the guidelines. Fortunately, the coalition addresses this risk, stating in its FAQ that “these will be living documents that can change to reflect the evolving nature of unwanted software.”


Move over Spyware, Now There’s Myware
Your computer has been compromised by rootkits, crippled by spyware, and clogged with cookies—what are you to do? To Seth Goldstein, the answer is obvious: Take control of your data. His company, Root Markets, aims to counter the commercial exploiters of user data by beating them at their own game. As Goldstein states, “Everybody else is spying on me, so I want to spy on myself.”

Root Markets’ software collects Web usage, or clickstream, data and provides graphs of how much time, and where, you spend your time online. The clickstream data could be used for everything from satisfying your curiosity about where you spend your time online to exchanging some subset of it for discounts on goods or services. One of the more intriguing possibilities would be to use your clickstream data to vouch for your interest and/or expertise in something: Have a job interview with a company that makes Scandinavian furniture? Showing them data that proves you spent two hours every night for the last year researching the space is sure to bolster your case.



Originally published in Queue vol. 4, no. 2
see this item in the ACM Digital Library


© ACM, Inc. All Rights Reserved.