The group, which includes McAfee Inc., Symantec Corp., Trend Micro Inc., ICSA Labs and Thompson Cyber Security Labs, wants to create standard metrics and common samples of spyware programs that third-party testers can use when evaluating antispyware tools.
The goal is to make it easier for companies to compare and evaluate antispyware products at a time of considerable market confusion over various offerings said David Cole, director of Symantec's security response group. 'In the antivirus space, there are several well-known testing bodies and testers who follow standards and well-thought-through methodologies' for evaluating products, he said.
But because the antispyware market is still emerging, there are few such standards available to product testers, he said. As a result, antispyware products are often evaluated inconsistently, he said. '[Standards] have been noticeably absent in the antispyware market. What we are trying to do is put out testing methodologies so that people can look at these tests and know they are reasonable tests.'
'Enterprises should welcome the announcement of the collaborative effort between the large antivirus vendors,' because it should result in better antispyware tools, said Andrew Jacquith, an analyst at Boston-based Yankee Group Research Inc. '[Antispyware tools] are probably the No. 1 increasingly deployed items' within enterprises, he said. 'This is a real issue, and the need for collaboration is great.'
Under the collaborative effort announced Monday, the participating vendors have agreed to share spyware samples they find, said Bruce Hughes, senior antivirus researcher at Trend Micro.
Spyware samples are used by vendors to develop specific signatures for blocking them with their antispyware tools, in much the same way antivirus vendors use virus and worm samples to develop signatures that block them.
Sharing samples and other information on spyware programs will allow the vendors to develop signatures for a broader range of spyware than is now possible, he said. 'Sharing spyware samples makes everybody a lot stronger,' Hughes said. Right now, there are so many spyware programs that it's difficult for vendors to protect against them all without some sort of information- and sample-sharing, he said.
The latest vendor initiative should complement the efforts by the Anti-Spyware Coalition (ASC) to develop best practices and standards for dealing with spyware programs, said Larry Bridwell, content security programs manager at ICSA Labs.
The ASC is an alliance of technology companies and public interest groups such as the Center for Democracy and Technology (CDT). In October 2005, the group released a broad definition of spyware programs that vendors can use to develop products to identify and fight spyware.
'The ASC has done a tremendous job in getting some industry consensus on terms, definitions and risk models' relating to spyware, Bridwell said. Where the industry has yet to come together is on how to test antispyware products and share information among industry researchers and vendors, he said.
The latest effort 'is completely consistent with everything that the ASC is doing,' said Ari Schwartz. associate director of the CDT. 'We've been working closely with these companies as they built their new project for sharing information on [spyware] threats.'