Bright Stove

Reflecting information risk journey

X.1207 Determined

leave a comment »

X.1207 "Guidelines for Telecommunication Service Providers and End-users for Addressing the Risk of Spyware and Potentially Unwanted Software" – This ITU-T Recommendation (which is ITU’s term for "standards") has finally reached a "determined" stage at the Study Group 17 Plenary on Sep 28, 2007, at the Geneva meeting. This Recommendation was first proposed in early 2005, and have gone through more than two years of review and updating. The gist of this Recommendation is to encourage a set of security and privacy best practices for Web Hosting services providers, which are normally TSP (or Internet Services Providers). The Recommendation promotes best practices around the principles of clear notices, user consents, and user controls for web hosting services. It also promotes security best practices (via TSP) to home users on safe and secure use of personal computers and the Internet, including the use of anti-virus, anti-spyware, personal firewall, and automated security updates. In addition, the Recommendation provides a working definition for the term "spyware", and "deceptive software".

  • Deceptive Software — Software which performs activities on a user’s computer without: 1) first notifying the user as to exactly what the software will do on the user’s computer, or 2) asking the user whether they consent to the software doing these things. (Examples of deceptive software include programs which hijack user configurations, or programs, which cause endless pop-up advertisements which cannot be easily clicked out of by the user).
  • Spyware is defined in this Recommendation as a particular type of deceptive software that collects personal information from a computer user. The personal information may include matters such as web sites most frequently visited or more sensitive information such as passwords.

As ITU-T Recommendations development process is for ITU-T members only, the draft Recommendation therefore cannot be shared here. However, upon publication, it should be freely and publicly available from ITU-T web site, since ITU has recently passed a resolution to publish all ITU-T Recommendations freely on the web. Till then, we can only wait for this Recommendation to be fully approved and published.

Advertisements

Written by mengchow

October 2, 2007 at 8:46 am

Posted in Security Standards

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: