Antivirus vendors move on antispyware standards

Australian-based security vendor, PC Tools welcomes the move by a group of antivirus companies to develop standards for antispyware products, but warned it would not be successful without the involvement of companies operating in that sector.

McAfee, Symantec, Trend Micro, ICSA Labs and Thompson Cyber Security Labs formed an agreement this week which will see the antivirus giants work together to establish industry standards for identifying and evaluating antispyware products.

The group aims to make it easier for companies to compare and evaluate antispyware products at a time of considerable market confusion over various offerings said David Cole, director of Symantec's security response group. "In the antivirus space, there are several well-known testing bodies and testers who follow standards and well-thought-through methodologies for evaluating products," he said.

But because the antispyware market is still emerging, there are few such standards available to product testers, he said. As a result, antispyware products are often evaluated inconsistently, he said. "[Standards] have been noticeably absent in the antispyware market. What we are trying to do is put out testing methodologies so that people can look at these tests and know they are reasonable."

"Enterprises should welcome the announcement of the collaborative effort between the large antivirus vendors," because it should result in better antispyware tools, said Andrew Jacquith, an analyst at Yankee Group Research. "[Antispyware tools] are probably the No. 1 increasingly deployed items" within enterprises, he said. "This is a real issue, and the need for collaboration is great."

Under the collaborative effort announced Monday, the participating vendors have agreed to share spyware samples they find, said Bruce Hughes, senior antivirus researcher at Trend Micro.

Vendors use spyware samples to develop specific signatures for blocking them with their antispyware tools, in much the same way antivirus vendors use virus and worm samples to develop signatures that block them.

Sharing samples and other information on spyware programs will allow the vendors to develop signatures for a broader range of spyware than is now possible, he said. "Sharing spyware samples makes everybody a lot stronger," Hughes said. Right now, there are so many spyware programs that it's difficult for vendors to protect against them all without some sort of information- and sample-sharing, Hughes said.

The latest vendor initiative should complement the efforts by the AntiSpyware Coalition (ASC) to develop best practices and standards for dealing with spyware programs, said Larry Bridwell, content security programs manager at ICSA Labs.

The ASC is an alliance of technology companies and public interest groups such as the Centre for Democracy and Technology. In October 2005, the group released a broad definition of spyware programs that vendors can use to develop products to identify and fight spyware.

PC Tools CEO Simon Clausen said he was unable to comment on whether the group of AV vendors were trying to encroach into the antispyware arena and grab market share.

"At this stage as we do not have a clear picture of the goals of this group, but antispyware companies are definitely proving superior to antivirus companies at fighting the spyware/adware threat, so our involvement in any industry initiative would be important for it to succeed," he said.

Clausen said PC Tools already has several informal, threat-sharing relationships with a number of antivirus and antispyware companies, and he would consider joining any organization or group that aims to further protect the consumer.

"Common naming and testing is good for the consumer as long as it doesn't favour one group over another," he said.