Academic officials from Oxford University and Harvard Law School announced Wednesday a plan to publish the names of “badware” senders in an attempt to thwart makers of malicious software such as viruses, worms, deceptive adware and spyware.
The new initiative, StopBadware.org, will also involve prominent technology companies including Google and Sun Microsystems. The effort is aimed primarily at educating users on the hazards of software that can cripple and corrupt their PCs.
StopBadware.org backers blame badware — defined as “the broad range of malicious software that is sneaking onto people’s computers, including spyware and deceptive adware” — for subverting user machines for the benefit of attackers; for annoying and unwanted advertising; and for theft of personal information. They describe the initiative as sort of a “Neighborhood Watch” program for computer users.
“We aim to become a central clearinghouse for research on badware and the bad actors who spread it, and become a focal point for developing collaborative, community-minded approaches to stopping badware,” the group stated on its Web site.
Consumers are urged to visit StopBadware.org to post their own experiences with malicious programs. The hope is that site visitors will choose, based on information available on the site, not to download programs known to have caused harm in the past.
Spearheading the group is John Palfrey, head of the Berkman Center of Internet & Society at Harvard Law School. “For too long, these companies have been able to hide in the shadows of the Internet,” he said. “What we’re after is a more accountable Internet.”
More of the Same
With a variety of reporting and repository sites for information on malicious software already available, namely via numerous computer security software firms’ portals and sites like SpywareWarrior.com, Webroot Vice President of Threat Research Richard Stiennon said the effort appears to him as little more than a posturing effort by big-name players like Google.
“My first reaction was, what do we need this for?” he told TechNewsWorld. He doubted whether StopBadware.org would gain much traction among users and criticized the term “badware,” warning that the word could actually serve to blur even further the lines between what is considered acceptable and what is not.
The last thing the security community needs is another term, VeriSign iDefense Senior Engineer Ken Dunham agreed, favoring the terms “malcode” or “malicious code” to more accurately describe the nature of software meant for no good. The term “badware” may be contributing to an already disjointed set of definitions of viruses, worms, adware, spyware, Trojans, bots, root kits and other malicious software, he told TechNewsWorld.
“It’s hard with all of these different terms when they’re really aren’t any international standards,” he said. “What’s in a name these days? What’s bad for one guy might be good for another guy. Is it bad? We don’t know. What we should be concerned about is what’s malicious. Ultimately it comes down to intent and functionality.”