Who Watches the Watchers?
Some of the largest companies on the Internet, Google, Sun and Lenovo, have formed a group to expose and publicly shame the makers of Spyware, Malware and other programs that do "bad things" to our computers. Toward this end, they are going to enlist the help of Web users to create an on-going list.
A good idea in theory, but while further announcements and details are still going to come forth, let me express some reservations. Hopefully these will be addressed as further information goes out.
Who Watches the Watchers?
First of all, these are commercial companies that are financing the effort. How unbiased can you expect them to be? Google, for example, bundles its toolbar with other people's software. (As do a lot of companies. I like Google, but still.....) Can they be expected to treat reports of software made by their partners the same as that of a developer that bundles a competitor's product? Are these "good" companies? I think so. Is there a potential for bias? I would also have to think so.
Gossip, gossip, gossip.
Information about "badware" companies will be gathered from users, presumably through a reporting mechanism. This presumes that users will always accurately know what is badware, an assumption that I question.
Again, the potential for abuse exists. You find a file on your computer and don't know how it got there. Was it bundled with a legitimate product that you willingly and knowingly downloaded? How do you know if it is "bad?" Sure, some or even most programs will be accurately identified, but what if mistakes are made?
Can the ABC company launch a smear campaign against their competitor the XYZ company? "Hey everyone, go and report them!" Perhaps the coalition will vet reports, but we don't know yet.
My "Feature" is Your "Spyware"
Ever check a box that says "Check for updates automatically" and forget that you checked it until your firewall barks at you? Is that spyware? How many products "phone home" or try to access the internet to check for updates? What happens when the average user gets an alert? Will they report it as spyware?
Google also keeps information on every search you do through their search engine. That fact came to light with the request for their records from the Federal Government. (See Link) They not only keep this information in a general sense ("There were 200 searches for Aardvarks today. Aardvark must be a hot pet this year") but they keep it in a manner that ties back to YOU! Did you know that and give them permission to keep that information? This doesn't mean that they are bad guys, but I wonder if they need that level of detail.
Did you REALLY read that EULA? All the fine print?
How Do I Get My Software Off Your List?
What happens when "false positives" are reported? Users say it is spyware, but the company that makes it says it isn't. Who arbitrates the decision? In a recent discussion, I expressed the idea that there is no worse public relations dilemma than being accused of being spyware. If you fight it, you only bring the accusation to further public attention. It's the software development equivalent of being asked if you have stopped beating your wife. There is no "good answer."
Wikipedia has a good system in place that allows for disagreement and response. Hopefully, something like that will be incorporated into the coalition's reporting system.
Summary
In principle, I think the coalition is a good idea, but they must take steps to deal with bias, inaccurate reporting and removal of false positives.
See also my article on Spyware, Adware and Malware and removal tools at
Link