Microsoft® Windows® AntiSpyware (Beta) is a security technology that helps protect Windows users from spyware and other potentially unwanted software. The scanning engine in Windows AntiSpyware (Beta) uses a definition library of over 100,000 threat files and settings. Spyware threats, like viruses, continue to emerge, and as a result, the Microsoft research team regularly adds new forms of spyware and other potentially unwanted software to the Windows AntiSpyware (Beta) definition library.
This white paper provides an overview of the approach and criteria categories currently used by the Microsoft research team to analyze and classify software. This is an emerging topic, with new forms of spyware and other potentially unwanted software developing rapidly along with their related behaviors. As a result, the approach and criteria categories described in this paper may change over time to adjust to the environment.
Microsoft’s vision is that customers should be empowered to make informed decisions about the software that installs and runs on their PCs, to manage effectively that software while maintaining the quality of their computing experience, and to protect their privacy. More information is available about our initiative for Trustworthy Computing and strategy for addressing spyware and other potentially unwanted software. While Windows AntiSpyware (Beta) may provide information and recommendations about potential threats, the user ultimately makes the decision to keep or remove any software.
Spyware is an industry-wide problem. It affects not only the companies that provide computing infrastructure such as operating systems and browsers, but also the larger community of users, businesses, and others interacting on the Internet.
Today, industry leaders use different approaches, definitions, and types of criteria for identifying and categorizing spyware and other potentially unwanted software, which limits the industry’s ability to have a broad, coordinated impact in addressing the problem. As part of Microsoft’s vision and strategy, we look forward to collaborating with other industry members to create common ways for addressing spyware issues.
Unlike other forms of software, which tend to either be "good" or "bad," spyware often exists in shades of "gray." With the exception of malicious behaviors, many of the behaviors could have legitimate purposes. The potential for harm and disruption to the user’s PC experience depends on the specific behaviors demonstrated by a given program.
As a result, software classifications in the definition library for Windows AntiSpyware (Beta) not only capture the type of program (e.g., "adware," "software bundler," "browser modifier," etc.) but also the degree of risk posed to the user. This is then communicated to the user, along with a recommended action. In Windows AntiSpyware (Beta), the user always has the ability to choose for themselves whether they want to "Always Ignore," "Ignore," "Quarantine," or "Remove" a given program.
Microsoft researchers use the criteria categories described in this white paper to determine whether a program should be added to the definition library for detection, and what classification (type, risk level, and recommendation) would be appropriate. A program only needs to exhibit behaviors that fall into one or more of the categories for it to be included in the definition library.
Read the rest here