In the brave new world of always-online software, help files have changed. We used to write HLP files. Now, it’s compiled hypertext, or CHM files, or sometimes, it’s a web page, and not much else. Format shouldn’t affect function, but it does–the industry is getting horribly sloppy, and have forgotten that help files are about teaching, and are not about searching.
What has to be in Help?

A help file, regardless of the format, needs some basic structure. Certain questions have to be answered; they’re the same questions that applied in writing class. When writing Exposition, or writing that explains, or Reporting, writing about events, include as many of these as possible: Who, What, When, Where, Why, and How. Mostly, help files won’t include a lot of ‘why’, but try for all of them. When writing a help document, start with this outline, and expect to change the headings when it’s almost finished:

• What does the software do? Include a short description of what the software does. This isn’t a sales pitch–it’s an introduction to the software, what the workflow of the program is like, and what kind of projects are possible in the software.

• How do I get started? Include the simplest possible project, how to start creating a task, how to learn about the program, and how to save, export, publish, or display the finished task–not all of these apply to every program–choose the simplest case, and explain it.

• Where are the commands and functionality? Tell the user where you’ve hidden all that wonderful functionality, in toolbars, in the menus, in keyboard shortcuts.

• When do I use these menu choices? Include the basic sequence of steps in an introductory project.

• Why do I choose to do things this way? This is why your software matches the workflow for a specific task, best to follow a specific sequence, or it can be a description of several sequences of tasks that will work, using your software product.

• Who published it, and who are they? Include contact information, links to additional help, tutorials, and updates.

First things First

When writing step-by-step instructions, sequence is your top priority. Here’s a horrible example:

You can change the settings for communications. Check off “use alternate port” in options.

What’s wrong with that? Well, it’s vague–it doesn’t say why or when you would use these instructions. It’s out of sequence–the steps are not in the order that they become visible to a user; first list where to go, then what to do. Not what to do first and then where to go–that encourages reading backwards while the user skips forward for navigation, and back again for the option to click. Finally, it looks like the option doesn’t match the software menus, and it’s not totally clear what the menu names are labeled.

Try again:

When the software won’t connect to the remote server, an alternate port may be used. Go to the Tools menu, choose Options, and at “Use Alternate Port”, add a checkmark in the option box. Click OK to close the dialog.

What changed? First, there’s a short explanation of ‘what’ at the beginning–in real software documentation, it should be more specific. Second, the steps are strictly in the same order as a user would see them on-screen, and no steps are left out. Third, the name of the option is precisely the same as in the menu, including capitalization and underlined menu shortcut keys.

Advanced Topics

Here’s a far more complex example, taken from a WordPerfect Magazine article I wrote, way back in 1992, about creating greeting cards in WordPerfect:

Begin at the WordPerfect document screen. Press Format (Shift F8),
(2) Page, (7) Paper Size/Type, (2) Add, and (9) Other. Type ‘Card’ and press(Enter), then (8) Labels, (Y) Yes.
A new menu will appear for the label definition.

The format for magazine writing of this kind is extremely precise. Every menu label appears, with the shortcut key, and every keystroke is included, with enough information at the end to let the reader see that they’ve arrived at the right place.
This level of precision can add confusion when the program is translated. The number selections work in every language, but the letter options may not be consistent. Be careful when translating sequences of menu choices, or plan ahead during menu design to keep steps and shortcuts consistent in all languages.
Should you use this type of magazine style for help topics? On some topics, yes. Think of a short article, maybe a few paragraphs, for an extended example of how to do a task or create a project in your software. It’s a great introductory lesson, but include every step, and choose a very basic first project for the example.

Describe what Menu Options Do

I frequently wonder what a menu entry does in a program I’m trying out. I look for the matching entry in the help file. For example, under File, Export Stuff, I’ll find this:

Exports stuff in a file.

Wrong, on so many levels. First, it tells me nothing that isn’t already in the name of the menu entry. Second, it doesn’t tell me what or when or any of the other basic answers. Try again:

File, Export Stuff: Saves the current project in a special format that provides __fill-in benefit here__. The Stuff format is used for ___. This function is also known in other programs as ‘Save As’, ‘Publish To’, or ‘Send to a Service Company’.

Huh? What’s all that stuff in the last line for? Well, that fixes the next problem, of searching a help file for a function you know exists in a program, when you don’t know the name. It’s the elementary school complaint about dictionaries and spelling–“how can I look up the spelling if I can’t spell it?”

Well, when you search help for what you think an option or function is called, and don’t find it because the author has been very consistent in always calling an export an export, what happens? Not a whole lot, beyond thinking nasty thoughts. Telepathy doesn’t help; keywords do. Those alternate names are there for searching the help file by keyword.

In the Deep End without a Paddle

Many programs now have only hypertext help with search, and no table of contents. It’s very Wiki, and worthless for learning a new program. In these monsters, you can press F1 for help, and if anything happens at all, there’s a pop-up of search titles related to a topic. It should be a topic related to the screen that was displayed when F1 was pressed. That’s ideal, and that was the standard form of help, 10 years ago.

But now, too many programs display nothing but pages and pages of unfiltered word matches for every attempt to search. Make sure that the novice-level information doesn’t get buried; the users that need advanced help know how to search, and are already sold on using your program. Novice users don’t know your program, may not have bought it yet, and are easily discouraged. Keep it simple for them–quick help searches should lead to intro-level topics, and then to advanced, and not just dive into the greatest possible depths of trouble-shooting chit-chat.

No matter what the format of the help documents, include a table of contents or a good index, include an introductory lesson, and remember that help isn’t a list of dialog box names–it’s a directory of how to use your software product.

Jerry Stern is the editor of ASPects, the ASP’s Coordinator of Anti-SpywareOperations, runs Startupware.com and WordPerfect.org, and is online at www.PC410.com.

At scan time, here’s what was found (Scan by AVG antivirus 8.0):
Virus:
C:\Program Files\WinDefender 2008\Uninstall.exe
Classified as ‘Trojan horse SHeur.BZLW’

Adware:
C:\Downloads\SetupGamevance.exe
Classified as ‘Potentially harmful program Downloader.QN’
(2 copies found)

I see no proof that Gamevance is pushing WinDefender 2008. Or not. But here’s the scenario: The machine passed all scans the day before the rogue appeared. So either they showed up on the same day, arrived in each other’s company, or were both hidden by active malware. Assuming simultaneous infections is a big assumption. Caution is indicated with any site paid for by installing software, as usual.

But maybe they’re done something right. Never know. Random roll of the dice, and all that. The Vostro will, according to the press release from July 10th, be somewhat free of what they’re calling Trialware.

New York, July 10, 2007

Dell today extended its commitment to customers with a new brand of notebook and desktop computers designed for small businesses. The VostroTM branded products feature no trialware and simple to use tools that address top-of-mind problems such as data back-up, PC performance and health, and specialized networking support for customers without dedicated IT staff.

The Vostro (Latin for “yours”) product and services family is a milestone in the company’s strategy to reduce the cost, time and complexity of managing information technology for customers of all sizes.

OK, now this sounds good. Then again, they don’t really understand what their customers want:

Regardless of geography, small businesses told Dell that tools to help accomplish common, time-consuming tasks associated with backing up data and optimizing system performance, and easy support options rank among their top IT needs. To address these needs, Vostro customers receive automated support tools customized for small business at no additional cost for the first year (minimal charges may apply in some countries).

The tools include Dell Automated PC Tune-Up, which reduces more than 30 tuning, performance, security and maintenance tasks to one click; Dell Network Assistant, which simplifies the set-up, monitoring, troubleshooting and repair of a customers’ network; and Dell DataSafe Online for online backup of up to 10GB of user data and protects against data loss resulting from disasters, theft or damage.

Translation: Dell isn’t going to include Trialware, which is the word they’re using to describe free trial software that they get paid for any time a PC user clicks through and buys, upgrades, or views ads from the icons and pre-installed software on all their other machines. Instead, they’ll provide up to one-year versions of their own private-label clutter that changes standard Windows functionality to favor their own system, and auto-runs at startup. Prices for these “solutions” after the first year’s free trial weren’t announced.

Good? Well, maybe. Depends on implementation. If the startupware they install is designed to work together, it’s a smaller burden on the system than the usual combination of startupware, trialware, and bloat. But calling these boxes ‘clean’ would still be false–they’re still loading products beyond Windows and hardware drivers.

Have you bought a Vostro? Post a comment back and report if the configuration is an improvement.

More information: Here is Dell’s press release.

News.com

Other news reports have been identifying this stuff as ‘craplets’ or ‘crap applets’. Some craplets are also startupware, if they’re pre-loaded software that runs at startup. Not all. Some craplets are just desktop icons to advertising links. There’s no programming code there, so it’s just a link to delete, and not startupware.

Data backups are still a great idea. That is, if you can talk Windows into keeping all your business data in one place that isn’t on the C: drive, then that’s great, and easy. I do that here; all my data is on a D:\ partition of the hard drive, and I have a batch file that I run before major backups that copies my Internet Explorer shortcuts from c:\Documents and Settings (etc, etc, etc…) over to a folder on d:. Then I burn an uncompressed DVD disk, and store that away.

And then there’s the operating system itself. For that, the best bet is a disk image program. A disk image program creates a compressed snapshot of a drive, usually created from a boot disk or CD, and some burn it directly to multiple DVDs. Ghost is the best known of these programs, but there are others, including some from ASP authors. With an up-to-date disk image, restoring an entire partition or drive takes only a few minutes.

All right, so those steps are all very traditional, and bring us up to around 2003. And then came spyware and adware. When an adware infection gets past your software blocks, it can suddenly bring along dozens of its cousin programs, and it may not be possible to start any software for burning a new data backup. An image program is still a good idea at this point, to be sure that no data is lost during the cleanup process, but that’s not prevention.

So just what will you need to have ready to do a spyware cleanup? As a cleanup technician, I would just love to have a process list of the computer as it was when it was built or when it was known to be clean. That’s a list of every program that autoruns on the system. That would save a lot of searches; the automated cleanup tools are good, but everything that depends on a detection database is out-of-date 100% of the time, and if there is a list of what should be on the system, everything else can be removed.

Method 1, rough but helpful: Press Control-Alt-Delete, go to the task list for processes, press Alt-PrintScreen (nothing will appear to happen), exit the task list, go a word processing program or a good graphics application, and paste the new image of the task list, and then print it. If the list was too long to fit on one screen, be sure to repeat the process, after scrolling down
in the task list, and capture all the entries.

Method 2, more complete, but requires special software. Download the latest version of “HijackThis”. It doesn’t need installation; you can run it from a USB pocket drive. Although this is a cleanup program, it is also useful to use to create a record of your startup processes, and it is much, much more complete than the printout from Task Manager–it includes startup entries and registry keys affecting startups and security settings for Internet Explorer; not just Windows. Run the program, tell it to scan and create a log file, and print the log file.

Don’t rely on saving these lists; you’ll want a printout during any cleanup, and when you really need the lists, you probably won’t be able to print them.

All this is part of the general security environment we have now. Windows, by cause of its evolution from DOS and Windows 3.1 through to 32-bit code, has had a long-standing tradition of no code left behind. All the old stuff runs, if it doesn’t involve graphics or peripherals. But the result is patch recalls on patches to patches. And the spyware issue is just a commercial method of doing what big business always does: it waits until a new industry gets big enough to be profitable, and then it finds a way to monetize it. Right, monetize was not a word until recently, but now that’s what we do to make money on information web sites–we add ads to it. So that’s what is happening now–spyware is the venture capital approach to making money from computer viruses and trojans, by using them to distribute and display advertising. Some of you have already seen my earlier post on the definition of startupware, but I’ll review the main one here:

stÃrt’-up-wÃre, noun, any software that configures portions of itself to automatically start with the operating system of a computer, or to start with other previously-installed software. Startupware isn’t automatically good or evil, useful, or destructive. The definition is based on easily-verifiable action, mostly during installation, and never on the contents of license agreements, external documents, or off-site servers. It autoloads, or it doesn’t.

So startupware is a bigger category than spyware. It includes everything that autoplays. That means spyware, adware, viruses, trojans, toolbar accessories, system tray utilities, application software pre-loaders, application software phonehome-for-any-reason applets, and hardware drivers that substitute software for chips. Everything that autoplays that is not part of a default operating system configuration. Every program, process, or browser trigger. Everything in that category slows down our computers, most of it is installed by silent default, and most of it should be removed. I don’t need five autostart entries to run a color inkjet, thanks, anyway. No, I don’t want an autostart program to upload my photographs to the web. No, I don’t want a daily update check on checkbook software that’s five years and six versions out of date.

The problem is that even retail boxed software is getting into adware behavior in a big way, and if you buy a notebook computer, expect to spend hours unweaving a web of autoplaying software, all of which was installed without permission, where most does nothing for you–it just loads and tries to sell you wireless access subscriptions, or web photo service, or online this, and more of that. It’s a mess, and messes need management.

And of course, there is always the free antivirus software that doesn’t detect spyware, because the adware publisher has threatened legal action if the antivirus vendor dares to label it with such an evil label. The result is that on any one computer, we need to have antivirus software, antispyware software, popup blocker software, patches, more patches, and so on. And on. This model is too profitable for the publishers, and for me, too. I clean this stuff up, and charge by the hour. I and my clients would rather that I be paid for setting up new computers and new productivity tools, and not all this cleanup. But the tools are scattered.

OK, so what’s the programming challenge? Simple enough: create a startupware management and cleanup tool. Such a program would include these features:

Record all currently-running programs and processes for comparison on next run, including full file paths, where applicable.

Record user comments for all entries, such as “camera software–”only needed for cable sync”

Report all startupware currently set to run on the system.

Report all startupware that’ new since the last run, with options to remove it, add it to a commented ‘OK’ list, or add it to an ‘unknown, pending identification’ list.

Must be usable in safe mode.

Optional features:

Scan for viruses, trojans, and other malware based on a list of known bad products.

Block installation of startupware, with an option to add a new entry and comment to the ‘OK’ list.

Now, chunks of these programs exist. There are startup managers–that’s the closest category. But the programs currently out there can’ be used by anyone with less training than a system tech. You have to already know what every program is before you can do much of anything. Surprisingly, the closest program I’ve seen to a startupware manager is Microsoft’s MSconfig.exe. It doesn’t uninstall startupware, but it lists settings, and can temporarily block programs. There’s no record of previous settings, or commenting features.

A startupware manager is not antistartupware. Remember, startupware is neither good nor evil. Some users want popups of weather alerts. Some need reminders to get up and stretch. Some may need their software to be no more than 1 hour out of date. Well, very few, but some.

I’ll give a free mention here to at least the first five startupware managers that I find about that match the definition above, and that are usable by average computer end-users.

The problem is two-fold. First, some spyware, and malware in general, disables the automatic update features of Windows. That keeps the early infectors from getting booted out of a computer when the patches arrive, because they won’t.

Second, Microsoft added a feature to Windows Update some months back that confirmed that the copy of Windows being updated was “genuine.” While I understand why–I’m a software publisher myself, after all–the Windows authentication program was designed to be politically correct, badly. It asks permission to check your Windows for authenticity, so the automatic update fails, and does so silently. To run it, you have to go to Windows Update (in the Tools menu of Internet Explorer), do an update run manually, and approve the installation and the running of the tool. Then go back to Windows Update and search for updates AGAIN, and you’ll probably find new patches that became available once Windows was validated as genuine.

So the moral of the story is to check Windows Update manually around once a month, after the second Tuesday, and see if the updates installed. More than half the machines I’ve checked manually in the last month needed manual patching, even though automatic updates were turned on.

While you’re checking software, check that antivirus programs and everything else are updating as designed. Don’t be a target–software, like people, does what you inspect, not what you expect.

Remember that this stuff isn’t all spyware; it includes antivirus software, overly-ambitious print drivers, and it’s not all evil, although most of it is bad, all of it need managing.

What’s that? Antivirus is never bad? Wrong. If in doubt, install two of them on a clean system, and try to do some work. Be sure to refresh your memory on safe-mode cleanups first, as most combos of this type will turn a computer into a vibrating doorstop. Like all startupware, it’s a management task.

To help consumers decide what products may be allowed on their systems, a scoring method is helpful. Scores skip technobabble–that’s good. They also can cause a blanket reaction of “take out all of it, don’t bother me.” That’s usually OK, but I don’t want the phone call when that breaks the antivirus software.

The basis for using startupware as a management tool for software products and their accumulations of autoplays is that no judgement calls are allowed. Again, here is the definition:

stärt’-up-wãre, noun, any software that configures portions of itself to automatically start with the operating system of a computer, or to start with other previously-installed software.

Now, there are different ways to autostart, and it helps to know if a product cleans up its own mess on removal, so let’s find a way to score a program for startupware.

First, we need to keep track of how many programs are set to run on system startup, and if all of them are removed on uninstallation. If one program is installed, but results in two add/remove program entries, that’s backpackware, which is common in adware and spyware products, as well as simpler trojan horse programs.

Here’s a preliminary formula for Startupware scoring (version 0.1) .

Orphaned programs: 1000 x number of programs installed to autorun but not uninstalled by removing the product that was chosen to be installed. Note that one install program that results in two or more product installations will always result in a high score for deceptive behavior. Exception: One install that offers to run an additional OPTIONAL install program is counted as more than one install program, so that, for example, a camera driver install that offers to install a graphics program is counted and scored as two installations.

Orphaned settings and silent programs: 100 x number of settings changes made, but not uninstalled, and number of programs that run when product isn’t doing work for the user, such as displaying information or being on standby to do or prevent something.

Autorun count: 10 x number of programs installed to autorun.

Settings count: 1x Number of settings changes made.
comma, “version” and number of program, or “tested” and 6-digit date downloaded (yymmdd) if no version number is used.

So for some program categories, it’s impossible to have score of 0, which would be totally non-invasive and non-autoplaying; a screensaver would have a score of 11, minimum, and so would most system tray utilities, because it takes both a program and a setting change to have an autoplaying program. And some actions aren’t counted. There is no count of icons added to the desktop, the quicklaunch area, or to the menus. There is no count of file extensions modified to point to the new program.

Here are some examples: a toolbar program, with no version number, with one program running in the background while the toolbar was not on screen (100 points). It made 12 changes to system settings, and failed to uninstall 1 of them (12 + 100 points). Total 212 points.
Score: 212, tested 050825.

Example 2: a utility program, installs two programs that don’t autoplay and don’t run in the background, changes no settings, leaves no settings or programs behind, version number 2.1.
Score: 0, version 2.1.

Example 3: an application program, version 12.0. Installs 17 programs, 3 autoplaying. Uninstalls all of them. Makes 32 settings changes, removes 12 of them. (Typical big-product sloppyness, in short.) That’s 30 points for autoplays, 32 for settings, 2000 for orphaned settings, and no orphaned programs.
Score: 2062, version 12.0.

Note that spyware won’t always get the highest scores. Startupware is about invasive software that drags down system performance, and not about subtlety or theft.

Example 4: a screensaver, no version number, downloaded Sept 10, 2005. Installs one autoplay program, clean uninstall, one setting change that runs the screensaver.
Score: 11, tested 050910.

Example 5: printer driver, version 18.544. Installed 3 autoplays, left one behind on uninstall, 71 settings changes, 26 left behind. That’s 1000 + 2600 + 30 + 71
Score: 3701, version 18.544.

Example 6: anti-spyware program, bundled with toolbar with no option to install only one, installed with one program but resulting in two entries in add/remove list. That’s backpack startupware, and if no permission was asked first, it’s stealth startupware. Determining Stealth or Backpack isn’t needed–it depends on disclosures and agreements, and doesn’t affect product behavior, and so doesn’t affect scoring. There are 3 autoplays, and the uninstall that matches the downloaded product removes one of them. Settings changes: 15, 10 left behind. That’s 2000 points for orphaned programs, 1000 points for orphaned settings, 30 points for autoplays, and 15 points for settings.
Score: 3045, tested 050901.

Essentially, what we’re trying to achieve is a high score for programs that fail to uninstall themselves completely, or that massively invade the system. In other words, don’t install a program with a score above 50.

Comments? Additions? Modifications?

Spyware is adware without the license agreement.

OK, so defining two words as a variation of each other is circular reasoning, but it’s still vastly less convoluted than the definitions that the companies creating this stuff would have the government enact. Those definitions are a mess.

It would be better to have a functional definition that doesn’t imply good or evil. Keystroke monitoring programs are evil as password stealers, and good as monitors for keeping employees honest. Calling a keystroke monitor spyware implies that it is inherently bad–it might be. Most of the time. Not always.

For owners of computers, a functional definition would ignore permissions and conditions of use. A program autoloads, or it doesn’t. If it does, it’s a management issue. Put another way, one cup holder per passenger is a good thing. 426 cupholders is beyond inconvenient; it’s a crash on the way.

At last year’s Federal Trade Commission Spyware workshop, a working definition for spyware was in use, specifically: “software that aids in gathering information about a person or organization without their knowledge and which may send such information to another entity without the consumer’s consent, or asserts control over a computer without the consumer’s knowledge.”

Earlier this year, the FTC, in their report on spyware based on the 2004 workshop, decided that the working definition was good enough, without a formal definition based on new legislation. They can deal with the problem based on existing regulations.

Apparently, the urge to label things is strong–various industry groups have attempted definitions. Some of these groups include publishers of products sometimes self-labeled as adware. Some don’t. Many include publishers of cleanup tools.

Most of the definitions focus on whether or not a program sends out personally-identifiable information. For most computer users, the distinction is pointless. In most cleanups, information stolen is surfing results, and the damage done is theft of service and damage to computer systems. Unless there is also an identity theft, what the computer user wants is for the problems with the computer to go away, and for the computer to return to full speed.

The lawyers can have their legal definitions. Maybe they can come up with something to do with them. Legal definitions have a possible use for avoiding payment of damages to companies causing damages to computers; if a program is defined as spyware by a government-legislated definition, an antispyware cleanup program can remove it without danger of being sued for labeling a commercial product as spyware, or in other words, libeling a product with venture capital and lawyers on staff. But it’s of dubious value whether such a definition would do anything at all for the owner of a computer during an infection.

We need a more practical definition for computer owners and computer technicians. Such a definition will cover all programs installed without permission of the system owners, including silent installations (drive-by downloads), backpack installations of programs bundled with other products, and Trojan horse programs that claim to be something they aren’t.

Starting at the practical end, we need a definition of everything that needs removal. That’s everything that wasn’t installed by the user or as a needed system component. That’s a tricky bit–there are lots of hardware gadgets that include excess software. Now, I really don’t have a big problem, for example, with a program that installs an extra desktop or menu shortcut that will take the user to a value-added service that will provide additional income for the publisher. Such desktop clutter is action on a very fine line between helpful and annoying, but a few icons can be deleted easily enough, and they don’t run at startup–such icons are distracting trivia, but no big deal.

Installed auto-run programs are another matter. Some printers need software running to print, and some don’t. The cheaper printers substitute software for chips, and process fonts in the computer, and send the job to the printer as dots instead of letters and numbers. These brain-dead printers do require an autoplay component to process print jobs, and perhaps to monitor ink usage. By comparison, a traditional printer that works from just a printer driver doesn’t require autostarting software; it sends text and command codes that tell the printer what fonts and page options to use. All right, so cheap printers need one autoplay program to work. So why do some have five? I have yet to hear why a major printer manufacturer’s setup for a photo printer should include web sharing software for photographs and not offer an option to skip installing it, or why there would be four additional autoplay entries, none of which affect printing when they are deleted. Such software is neither spyware or adware. It is, however, a resource hog that slows down computers, installs without permission, and is totally useless for most owners of the hardware. I routinely disable these false drivers.

It’s not just hardware. I’ve found that most CD and DVD-burning software adds autoplay entries. Many are phoning home to check for updates. Here’s a hint for the software vendors: Get a clue. You wouldn’t buy a dozen wall clocks for your office, would you? No, you would use the clock you already have. No autoplay is required for update checks. Just create a task in the Windows ‘Scheduled Tasks’ list, set it to run an update check every 30 days, and stop adding to the glut of software in memory, and stop inventing your own private task scheduler to run every time the system boots, and then hang around all day waiting for tomorrow to come.

OK, now that’s two types of software that isn’t spyware and should be deleted–accessory “products” for purchased hardware and software, and the general category of “yet another phone home for updates scheduler.” Add spyware, viruses, adware, and trojans, and let’s find a definition and a name. All these items waste computer cycles. Some of them take over, and send information home. Some don’t. They all slow down computers with no benefit to the user.

From a legal standpoint, no definition is needed. Existing privacy laws, and laws on fair trade and competitive practices, give tools to law enforcement agencies for prosecuting spyware producers. Any new definitions for spyware will just give shelter to the enemy as the producers of such products adjust their products to dance on the near side of the very fine line of legality.

On the other hand, consumers need help to determine what is a problem and what isn’t, from a technical standpoint. We need a useful definition. I’ll propose a definition and see what it’s good for–startupware.

stärt’-up-wãre, noun, any software that configures portions of itself to automatically start with the operating system of a computer, or to start with other previously-installed software.

Note that startupware doesn’t judge whether a program is good or evil, useful or destructive. So to take this a step further:

Requested startupware: any autoplaying software whose installation asked for permission for every auto-starting component individually.

Backpack startupware: any autoplaying software whose installation asked permission to install something, but neglected to ask permission for autostarting software. Includes mismatched permissions, such as installing multiple autoplay components after asking permission to install only one.

Trojan startupware: Autoplaying software that claims to be one thing, but is another.

Stealth startupware: Doesn’t ask permission at all before installing startupware. Includes most viruses and worms, and all drive-by downloads.

So are these good or evil? Well, requested startupware is good if it works well at the job that it was described to do, and does nothing else. Stealth startupware is probably bad, most of the time. Backpack startupware is a system slowdown waiting to happen, but may actually have some redeeming value for a minority of users. Should the majority of these startupware programs be allowed on any user’s PC? Generally, no. Are they all evil? No.

Now, are these definitions are more useful than the already tainted word “spyware”? Yes, because there isn’t any question of whether a given product is startupware, and the basic label makes no judgement of good or evil. It can be identified, and the owner of a computer can judge whether to remove it or not. The auxiliary definitions also deal with permissions, not behavior.

Next, what can an antistartupware vendor do with these definitions? If they do a scan, and find startupware, they can create a list of everything running on the system, and categorize it. Program producers can argue with the category of startupware in which they’ve been placed, and provide proof of whether their product is or is not in a group, but overall, a scan for startupware can list everything found, its claimed utility, and then offer to test the system with all startupware disabled except for a private safe list, usually consisting of nothing more than an antivirus product. Most users will stop there, and find some system speed they never knew they had, but a cleanup product could also allow the option of adding back in any identified product for testing, preferably one at a time.

This reverses the current model–remove everything not known to be good. Current products allow everything they don’t recognize to autoplay. This guarantees infection as new products take advantage of newly-found security holes. They are cleanup tools for software known to be evil. An antistartupware tool is a system optimizer that reserves system resources for programs known to be wanted. Anti-spyware says innocent until proven guilty, expressed as software and policy. Anti-startupware is more practical–all new startupware is guilty until proven helpful.