Coast antispyware consortium falls apart

Standardization is an effort IT administrators pray for and most vendors ostensibly support, but actually getting rivals to coordinate their work and agree on goals is a fraught process. The collapse this week of an antispyware organization offers a cautionary tale, and leaves empty a coordinating role industry vendors say needs to be filled.

The Consortium of Anti-Spyware Technology Vendors (Coast) launched 16 months ago after several security software makers decided to coordinate their research and educational outreach efforts on spyware. With technology changing rapidly and online advertising standards and ethics in flux, simply defining what counts as spyware -- hidden software that gathers and transmits information about users without their knowledge -- can be controversial. Antispyware technology developers PestPatrol, Webroot Software and Aluria Software envisioned Coast as a forum and guiding body for their nascent industry, but in the past few days all three companies have resigned from the organization they co-founded.

Each cited a different reason for leaving, but disagreements over the organization's direction played a role in its demise. While Coast's founders are all developers of technologies aimed at quashing spyware, the organization's charter called for a wider membership, so last year, companies that make the kind of software Coast aims to eliminate began joining the consortium. New members had to pass an approval process and agree to work toward complying with Coast's standards, but some existing members found themselves in the uncomfortable position of associating with vendors whose products they distrust.

The bigger problem, former members say, is that as the organization diversified it became harder to accomplish anything. "Coast was a stagnant organization," said Rick Carlson, president of Orlando-based Aluria.

Aluria makes spyware detection technology used by ISPs (Internet service providers) including America Online, and is eager to see an industry-wide set of criteria for defining spyware. "When we put somebody in our detections, we potentially cause them millions of dollars of damage," Carlson said. "There's definitely a need there for standards."

Aluria, which publishes its own spyware definition criteria on its Web site, "tried to lead by example" but couldn't motivate Coast's membership to prioritize criteria standardization, Carlson said. Frustrated at the group's sluggishness, Aluria decided to resign.

Aluria announced its departure soon after Boulder, Colorado, security software maker Webroot filed its own resignation notice. "Of late, we have become concerned that Coast is moving in a direction with which we cannot agree," the company said in a press release on Friday announcing its decision. "We are not comfortable with the idea of Coast as a certification body or as a marketing tool for member companies."

The catalyst igniting the long-simmering tensions appears to be Coast's admission last month of 180solutions, a Bellevue, Washington, marketing company whose search assistant application has been criticized for weak privacy protections and installation notifications. Representatives of Webroot and 180solutions did not return calls seeking comment, but Aluria's Carlson said 180solutions' admission was a troubling sign of Coast's conflicting allegiances.