Rick Carlson, president of COAST co-founder Aluria Software, said COAST’s collapse last week highlighted the group’s lack of focus, but added that talks are already underway to create a body that will carry on its work.
Carlson, echoing comments from fellow COAST drop-out Computer Associates International Inc, said Aluria has already been in talks with CA and other anti-spyware companies about forming a replacement group.
CA suggested last week that now would be a good time for the major anti-virus firms, which are late to the anti-spyware feature set, to fill the gap left by COAST. There’s nothing firm in place yet, according to Carlson.
COAST was set up to, among other things, create a definition of spyware. It collapsed when makers of gray-area spyware products began to join the group, before such a definition had been agreed upon, Carlson said.
The organization, founded in late 2003, saw two of its founding companies, Webroot Software Inc and Aluria, drop out two weeks ago. CA followed suit, professing its reluctance to do so, a few days later.
Nobody seems to have a straight answer as to why the group fell apart. CA said it left because the other two companies did. Aluria’s Carlson says the organization was finding it impossible to meets its goals.
In January, the group admitted 180solutions Inc, an advertising company that makes software many anti-spyware vendors define as spyware, into its ranks. Two weeks ago, Webroot announced a $108m round of venture capital.
Carlson said that he did not like the fact that 180solutions was admitted, but said the event was a catalyst, rather than a cause, of the split. COAST, he said, should have come to standard definition of spyware before admitting companies that arguably make it.
Spyware has been a focus of the RSA Conference 2005 in San Francisco this week. Symantec Corp and McAfee Inc released their enterprise products, and Microsoft said it will give its consumer product away for free.
But there’s still debate about whether spyware is a distinct threat that needs separate vendors and separate products to deal with, or whether it is a subset of malware that should be dealt with by conventional anti-virus products.
Carlson said that spyware is a distinct threat that has many differences to viruses. Viruses are meant to spread fast and cause damage, and are written by individuals, whereas spyware is designed by companies that have better resources and talent, for example.
This means that spyware authors can be reasoned with in ways that virus writers cannot, hence the need for definitions of what spyware is. Some spyware makers have reformed their practices, and no longer are detected by anti-spyware software.
We can be dangerous to these companies, in that if we can put them in our databases, we can take them off of millions of desktops, said Carlson. So we need standards here.
There will probably always be a set of spyware makers that operate outside of best practices, which will create the need for anti-spyware capabilities. How keen anti-spyware vendors are to reduce the perceived threat remains to be seen.
Carlson said he sensed the position from some of the other anti-spyware vendors was that they want to see the world in black and white, as a struggle between the good guys and the bad guys, much like the anti-virus world.
A black and white world ensures the health of the anti-spyware industry, he said. Aluria remains the only anti-spyware vendor to publish the criteria for listing in its spyware database on its web site, Carlson said.
Now that COAST is gone, the antivirus vendors have an opportunity to step in and fill the gap. The mature industry already has the mechanisms and relationships in place to share information more effectively that the anti-spyware startups.
Carlson said he hopes that whatever forms to replace COAST will include both the antivirus and anti-spyware vendors, but that it will exclude companies that make gray-area software that are seeking certification or marketing collateral from being part of it.
