What exactly is spyware? Just as with viruses, discussion of malware, grayware, adware, and spyware often gets hung up on definitions and lately even legal threats over classifications.

By Mathew Schwartz
9/6/2005

How is spyware defined as spyware?
Just as with viruses, a discussion of nasty code—malware, grayware, adware, and spyware—often gets hung up on definitions, and lately even legal threats over classifications. For example, is software “spyware”, if it includes an end-user license agreement (EULA), no matter how lengthy or obscure, that explicitly allows a program to also install monitoring software on a user’s PC?

To discuss this issue, we spoke with David Perry, global director of education at Trend Micro, and Bruce Hughes, a Trend Micro senior antivirus researcher.

Where are we in the evolution of malware, whether it’s viruses, worms, or spyware?
Perry: We’ve entered into a space where things are not necessarily malicious and not necessarily definable.

How can you tell the difference between good and bad code?
The difference is intent. The difference is adware and spyware are written for a commercial, profit motive. …

So defining spyware is less about looking at things technologically?
Well, if a piece of software gets installed on your system without your permission, you have the right to block that from happening. And as the owner of that machine, you have the right to remove that piece of software from your machine.

Hughes: On the other hand, we’re still having this discussion on viruses, after 15 years, because there are still different schools of thought about what makes a virus a virus. All of this is very contentious. The other side of the coin is, when people talk about spyware, they often mean … EULA (end-user license agreement) assignations of spyware. … But the other stuff, the no-permission, Web-borne, dark side of the force is so fantastically prevalent that the EULA, statistically speaking, doesn’t even hardly register.

How do researchers track different kinds of spyware?
Everyone is pretty much furiously researching adware and spyware. … Yet we’re [also] in new ethical territory, where there is litigation. We have to stop and make an ethical judgment on the software we’re blocking. This is new territory for us. … [Typically] if a self-replicating piece of code is on your computer, you take it away.

Has anyone proposed legislation to protect companies who classify malware?
There is an effort to create legislation. Our customers do, in fact, want us to block [malware].

Is there some non-contentious way of classifying spyware?
Ugh. We even say grayware—adware, spyware, and grayware. This is really fuzzy. If you start a conference with one definition, you might have to jump off into another definition in the middle of the discussion. … Also, if I’m using a word to stop someone from suing me because of what I’m calling them, but it means the same thing, what then?

Meanwhile, is spyware becoming more advanced and harder to detect?
Rootkits—software that can hide itself and gain control at the root level of a computer—are one of the ways spyware guys are advancing. A lot of the spyware companies are commercially backed; they’re able to hire new programmers. And we’ve actually seen new versions of adware where they detect spyware—what we used to call stealth, in the virus days.

Perry: Now we’re getting spyware that’s attempting to remove anti-adware and anti-spyware.