[Vision2020] Washington Post: Beware: Spyware

Tim Lohrmann timlohr@yahoo.com
Fri, 30 Apr 2004 10:06:10 -0700 (PDT)


--0-857637314-1083344770=:51790
Content-Type: text/plain; charset=us-ascii

Wayne,
    Interesting article.
    I'm positive that anyone who goes on the web regularly has many of these "bugs" on their computer--so it's a good idea to have a scanning/quarantining program if you want to get rid of them. 
    I know you've got quite a bit of expertise in this area, so I've got a question for you.
    What do you think of the freeware/shareware versions of "AdAware" and/or "Spybot Search & Destroy"  programs?
    I've run both of them and they both find "data-mining" bugs---but they seem to find different types of these spys.
    Do you know what the difference is? Is it better to regularly(I've seen once a week recommended) run both of these or is there a better program that could be run once and pretty much get rid of everything?
   Thanks for any help, TL
 

"Art Deco aka W. Fox" <deco@moscow.com> wrote:
FTC to Look Closer at 'Spyware'
Privacy Experts Warn of Dangers to Unwitting Consumers 
By Yuki Noguchi
Washington Post Staff Writer
Monday, April 19, 2004; Page A04 

A relatively new kind of software that resides in many computers and tracks its users' Web-surfing habits or triggers pop-up advertisements has come under scrutiny by federal regulators who have already cracked down on deceptive or misleading spam.

The Federal Trade Commission today is hosting a daylong workshop in Washington to discuss the effects of hidden software that may be used to control or spy on a computer without its user's knowledge.

So far most "spyware" and "adware" programs, often placed on Windows PCs by such downloaded programs as file-sharing programs, appear to have been used for the relatively benign purpose of tracking consumer preferences, said Howard Beales, director of the FTC's consumer protection division. The FTC is watching to see if criminals start making widespread use of this technology to steal credit-card and Social Security numbers of unwitting computer users, he said. 

"So far [we] haven't thought that it warranted regulation," he said. 

Privacy experts and makers of anti-spyware software say the FTC's light-touch approach leaves too many consumers vulnerable to more unwanted advertising or even the addition of controls that consumers might not realize are on their computer.

"There's a number of concerns about spyware, which is that it takes away consumers' control over their computers," said Ari Schwartz, associate director of the Center for Democracy and Technology in Washington. "We consider privacy to be a control issue as well," and many spyware programs act as surveillance tools for advertisers without the users' consent, he said. In February, the group filed a complaint with the FTC arguing for stricter enforcement against two companies involved in using software for allegedly deceptive and unfair ads. 

The software generally enters a person's computer when he or she downloads and installs free music or game programs, for example. Often, popular downloaded programs such as Kazaa and Grokster require users to agree to a licensing agreement that allows the addition of adware to the computer's hard drive, legal agreements that Beales and privacy experts concede many consumers do not fully read. Other, more underhanded spyware developers automatically install spyware without the knowledge or informed consent of the user, privacy experts and software makers said.

Estimating how many computers carry spyware or adware is difficult, in part because many consumers do not know they have it, said Nate Elliott, an analyst with Jupiter Research. Some companies consider "cookies," which are small data files that Web sites can place on a computer to store information about a user's online activity, to be a form of software, but cookies are not programs and cannot control computer functions.

Last week, Internet service provider EarthLink Inc. and anti-spyware software maker Webroot Software Inc. said a three-month audit of slightly more than 1 million computers found 29.5 million pieces of spyware, or nearly 28 per computer. Almost 24 million of these items, however, were cookies.

"We think the problem is bigger than anyone understood," said David Moll, chief executive of Webroot of Boulder, Colo. In particular, "drive-by" downloads, which occur when Web sites exploit weaknesses in Microsoft's widely used Internet Explorer browser to install spyware and adware surreptitiously, are increasingly a problem, he said.

Roger Thompson, vice president of product development of Pest Patrol of Carlyle, Pa., said: "The issue is that there is no line between good behavior and bad behavior." Although a minority of spyware is used for "malicious" purposes, "it opens a back door that allows computers to be updated by the hacker and accept commands to log keystrokes, read files, or turn on the Web cam," he said.

Federal and state legislators have taken notice. U.S. Sens. Conrad Burns (R-Mont.), Ron Wyden (D-Ore.), and Barbara Boxer (D-Calif.) have introduced legislation that would prohibit the installation of software on a computer without notice and consent, and would require easy ways to remove it. Utah enacted legislation last month, and state legislatures in California and Iowa are considering action.

While some software installers are sneaky or fraudulent, the bigger problem may be that consumers neglect to read the fine print before loading programs, said David Sorkin, a professor at the John Marshall Law School in Chicago. "It's pretty hard to install controls beyond that contract."



TechNews.com Home


© 2004 The Washington Post Company

		
---------------------------------
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs 
--0-857637314-1083344770=:51790
Content-Type: text/html; charset=us-ascii

<DIV>Wayne,</DIV>
<DIV>&nbsp;&nbsp;&nbsp; Interesting article.</DIV>
<DIV>&nbsp;&nbsp;&nbsp; I'm positive that anyone who goes on the web regularly has many of these "bugs" on their computer--so it's a good idea to have a scanning/quarantining program if you want to get rid of them. </DIV>
<DIV>&nbsp;&nbsp;&nbsp; I know you've got quite a bit of expertise in this area, so I've got a question for you.</DIV>
<DIV>&nbsp;&nbsp;&nbsp; What do you think of&nbsp;the freeware/shareware versions of "AdAware" and/or&nbsp;"Spybot Search &amp; Destroy"&nbsp;&nbsp;programs?</DIV>
<DIV>&nbsp;&nbsp;&nbsp; I've run both of them and they both find "data-mining" bugs---but they seem to find different types of these spys.</DIV>
<DIV>&nbsp;&nbsp;&nbsp; Do you know what the difference is? Is it better to regularly(I've seen once a week recommended) run both of these or is there a better program that could be run once and pretty much&nbsp;get rid of&nbsp;everything?</DIV>
<DIV>&nbsp;&nbsp; Thanks for any help, TL</DIV>
<DIV>&nbsp;</DIV>
<DIV><BR><B><I>"Art Deco aka W. Fox" &lt;deco@moscow.com&gt;</I></B> wrote:</DIV>
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<STYLE></STYLE>

<DIV><FONT size=4><FONT face=Arial><STRONG>FTC to Look Closer at 'Spyware'<!--plsfield:stop--></A><BR></STRONG><FONT size=3>Privacy Experts Warn of Dangers to Unwitting Consumers</FONT></FONT><FONT size=3> </FONT>
<P><!-- THIS JAVASCRIPT COMES FROM WASHTECH SITE FOR TESTING --><!--SCRIPT LANGUAGE="JavaScript" SRC="http://www.washtech.com/scripts/adcode.js"></SCRIPT-->
<SCRIPT language=JavaScript src="http://media.washingtonpost.com/wp-srv/washtech/javascript/adcode.js"></SCRIPT>

<SCRIPT language=JavaScript><!--
setupAdCode("sitename=wpni.washtech","pagename=software")
//--></SCRIPT>
<!-- END OF WASHTECH AD CODE PREPARATIONS --><FONT size=2><!--plsfield:byline--><I>By Yuki Noguchi</I><BR><!--plsfield:credit--><I>Washington Post Staff Writer</I><BR><FONT color=#cc0000><!--plsfield:disp_date-->Monday, April 19, 2004; Page A04 </FONT></FONT>
<P><!--plsfield:description--><NITF>
<P>A relatively new kind of software that resides in many computers and tracks its users' Web-surfing habits or triggers pop-up advertisements has come under scrutiny by federal regulators who have already cracked down on deceptive or misleading spam.</P>
<P>The Federal Trade Commission today is hosting a daylong workshop in Washington to discuss the effects of hidden software that may be used to control or spy on a computer without its user's knowledge.</P>
<P>So far most "spyware" and "adware" programs, often placed on Windows PCs by such downloaded programs as file-sharing programs, appear to have been used for the relatively benign purpose of tracking consumer preferences, said Howard Beales, director of the FTC's consumer protection division. The FTC is watching to see if criminals start making widespread use of this technology to steal credit-card and Social Security numbers of unwitting computer users, he said. </P>
<P>"So far [we] haven't thought that it warranted regulation," he said. </P>
<P>Privacy experts and makers of anti-spyware software say the FTC's light-touch approach leaves too many consumers vulnerable to more unwanted advertising or even the addition of controls that consumers might not realize are on their computer.</P>
<P>"There's a number of concerns about spyware, which is that it takes away consumers' control over their computers," said Ari Schwartz, associate director of the Center for Democracy and Technology in Washington. "We consider privacy to be a control issue as well," and many spyware programs act as surveillance tools for advertisers without the users' consent, he said. In February, the group filed a complaint with the FTC arguing for stricter enforcement against two companies involved in using software for allegedly deceptive and unfair ads. </P>
<P>The software generally enters a person's computer when he or she downloads and installs free music or game programs, for example. Often, popular downloaded programs such as Kazaa and Grokster require users to agree to a licensing agreement that allows the addition of adware to the computer's hard drive, legal agreements that Beales and privacy experts concede many consumers do not fully read. Other, more underhanded spyware developers automatically install spyware without the knowledge or informed consent of the user, privacy experts and software makers said.</P>
<P>Estimating how many computers carry spyware or adware is difficult, in part because many consumers do not know they have it, said Nate Elliott, an analyst with Jupiter Research. Some companies consider "cookies," which are small data files that Web sites can place on a computer to store information about a user's online activity, to be a form of software, but cookies are not programs and cannot control computer functions.</P>
<P>Last week, Internet service provider EarthLink Inc. and anti-spyware software maker Webroot Software Inc. said a three-month audit of slightly more than 1 million computers found 29.5 million pieces of spyware, or nearly 28 per computer. Almost 24 million of these items, however, were cookies.</P>
<P>"We think the problem is bigger than anyone understood," said David Moll, chief executive of Webroot of Boulder, Colo. In particular, "drive-by" downloads, which occur when Web sites exploit weaknesses in Microsoft's widely used Internet Explorer browser to install spyware and adware surreptitiously, are increasingly a problem, he said.</P>
<P>Roger Thompson, vice president of product development of Pest Patrol of Carlyle, Pa., said: "The issue is that there is no line between good behavior and bad behavior." Although a minority of spyware is used for "malicious" purposes, "it opens a back door that allows computers to be updated by the hacker and accept commands to log keystrokes, read files, or turn on the Web cam," he said.</P>
<P>Federal and state legislators have taken notice. U.S. Sens. Conrad Burns (R-Mont.), Ron Wyden (D-Ore.), and Barbara Boxer (D-Calif.) have introduced legislation that would prohibit the installation of software on a computer without notice and consent, and would require easy ways to remove it. Utah enacted legislation last month, and state legislatures in California and Iowa are considering action.</P>
<P>While some software installers are sneaky or fraudulent, the bigger problem may be that consumers neglect to read the fine print before loading programs, said David Sorkin, a professor at the John Marshall Law School in Chicago. "It's pretty hard to install controls beyond that contract."</P>
<P></P></NITF><BR clear=all>
<CENTER><A href="http://www.technews.com/">TechNews.com Home</A></CENTER>
<P></P>
<P>
<CENTER>© 2004<!--plsfield:end--> The Washington Post Company</CENTER></FONT></DIV></BLOCKQUOTE><p>
		<hr size=1><font face=arial size=-1>Do you Yahoo!?<br><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/hotjobs/hotjobs_mail_signature_footer_textlink/evt=23983/*http://hotjobs.sweepstakes.yahoo.com/careermakeover">Win a $20,000 Career Makeover at Yahoo! HotJobs </a>
--0-857637314-1083344770=:51790--