Fighting malware and spam

Defining rules for acceptable adware

Jason Bruce SophosLabs

Adware has a place in computer software as much as television advertising does on commercial television stations. However, without sufficient regulation to control the methods used in the distribution and implementation of adware it is difficult for anti-virus or anti-spyware vendors to draw a line and focus on those applications that clearly overstep the mark of acceptable business practice.

I will be analysing the common revenue models, the usage of statistics and the distribution methods used by adware, and distributors of adware, to understand the essential components that make this software an effective method for generating revenue. This analysis will then be used to draw up rules which define acceptable functionality for adware and the mechanisms used for distribution whilst maintaining the core business objectives.

The goal is to create a distinction between legitimate and malicious adware that vendors of security software can more clearly identify. These vendors can then concentrate on blocking the malicious adware while allowing true legitimate adware to benefit the computer using community; enabling software vendors to offer free or subsidised software without carrying the stigma increasingly being attached to software carrying the adware label.