Who's watching your PC? Marketers, that's who. But they aren't alone: third parties using hidden programs known as spyware can track tasks performed and information stored on your computer, without your knowledge or consent.It's been a Spyv. Spyworld since 1961, when Mad Magazine introduced the white- and black-clad agents whose nefarious tricks escalated as they ceaselessly tried to do each other in. In the cartoon, innocent bystanders are seldom caught in the middle, but in today's online espionage encounters, consumers are the victims of spyware that may be downloaded to their computers without their knowledge. Some of these programs gather user data such as Web-surfing habits and send the information to marketers; others monitor or record all activities on the computer. "Spyware appears to be a new and rapidly growing practice that poses a risk of serious harm to consumers," according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. testimony prepared for a Federal Trade Commission (FTC FTC See Federal Trade Commission (FTC). ) appearance before members of the House Subcommittee on Commerce, Trade, and Consumer Protection. (1) There are almost as many definitions of spyware--a.k.a. adware, malware, snoopware, foistware, pestwace, scumware, and tresspassware--as there are programs. "Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes" is the "working definition" that the FTC filed in the Federal Register notice for its April workshop on spyware. (2) The commission noted that the programs usually come as hidden components in downloaded freeware or shareware programs and that they monitor user activity on the Internet, then transmit that information to someone else. (3) At the least, adware causes pop-up ads to appear, based on the content of the Web site being visited; pop-ups proliferate rapidly and may obscure the entire computer screen. Some adware may "hijack" a Web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. , sending the user to a competitor's Web site or a lookalike site that might be "phishing" for data. (4) Adware may also track personal information such as a user's age, sex, location, and surfing and buying habits. Other kinds of spyware monitor everything a user types (keystroke logging Keystroke logging (often called keylogging) is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical ), scan hard-drive files, snoop for information in other applications such as e-mail programs and word processors, install other spyware programs, capture credit-card and banking information, and relay all this to the spyware author to use for marketing or fraud. A TRIAL editor was recently doing online research, "merrily Googling away, when suddenly all these ads started popping up. Each time I closed one box, another--or several more--would pop up. Many of them asked me if I wanted to download programs. A lot of them were what you'd call racy rac·y adj. rac·i·er, rac·i·est 1. Having a distinctive and characteristic quality or taste. 2. Strong and sharp in flavor or odor; piquant or pungent. 3. Risqué; ribald. 4. . It was really impossible to work on anything," she said. A savvy computer user, she tried to delete from her computer any programs that were created during that online session. But it took a tech professional several attempts to remove all the spyware, wasting hours of the editor's time and pulling the technology staffer off other important projects. Spyware can enter your computer via installation of a new program from the Internet, as a software virus or an e-mail attachment A file that rides along with an e-mail message. The attached file can be of any type. E-mail programs make it easy to attach a file. For example, in Eudora, all you do is select Attach from the Message menu, browse through the folder hierarchy to find the file you want and then double , or "bundled" with a software package you purchase. Spyware can be sneaky: It runs in the "background" (5) of the computer so users aren't aware of it. Some spyware embeds itself deeply in the registry (system configuration files) of computers running Windows, where it can be difficult to extract. Some spyware reloads itself to the registry after you delete the invader, and some installs when you click an "unin-stall" option. Security, expert Steve Gibson found that audio- and video-streaming company Real Networks used a type of "phone home" spyware. "I went a bit ballistic when I discovered that Real Networks' file-downloading utility, 'Real Download,' was sending a report of every download back to Real Networks with a unique ID they had assigned to me," he writes on his Web site. (6) The company eventually updated Real Download to remove the privacy-invading ID tagging. Everyone agrees spyware is a problem, but not how to categorize or solve it. The Center for Democracy & Technology (CDT CDT abbr. Central Daylight Time CDT Central Daylight Time CDT n abbr (US) (= Central Daylight Time) → hora de verano del centro; (BRIT )--a nonprofit public policy group that promotes a democratic Internet and has convened software working groups--believes transparency and user control are the most important elements of a solution that also includes better consumer education, improved industry serf-regulation, anti-spyware technology, and increased enforcement of statutes that already apply to consumer software. Legislation outlawing spyware may he problematic: "The challenge facing such efforts has been crafting language that effectively addresses the spyware issue without unnecessarily burdening the software industry," according to a CDT letter asking to participate in the FTC workshop. (7) Most parties agree that all these measures are needed, while differing on their relative importance. The spyware boom is so new that there isn't much empirical research Noun 1. empirical research - an empirical search for knowledge inquiry, research, enquiry - a search for knowledge; "their pottery deserves more research than it has received" about the extent of the problem. A survey of broadband users by the National Cyber Security Alliance found that over 90 percent had spyware or adware--and most didn't know about it. (8) In eight months, McAfee Security detected just under 40 million adware applications on users' systems, said Bryson Gordon, a senior manager with the computer-security-systems company who spoke at the FTC spyware workshop. When Internet service provider Internet service provider (ISP) Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. (ISP (1) See in-system programmable. (2) (Internet Service Provider) An organization that provides access to the Internet. Connection to the user is provided via dial-up, ISDN, cable, DSL and T1/T3 lines. ) Earthlink and Webroot Software Webroot Software is a company that creates computer security software. Webroot's corporate headquarters is located in Boulder, Colorado, and the company was founded in 1997. They currently employ about 300 people worldwide. scanned more than 1 million computers with Internet connections, they found nearly 30 million spyware programs, an average of more than 27 on each computer. Some were adware--but more than 30 percent of the computers also had system monitor programs (which can capture keystrokes, e-mails, and chat-room dialogues and determine which programs are running) or Trojan horses It may never be fully completed or, depending on its its nature, it may be that it can never be completed. However, new and revised entries in the list are always welcome.
It's against the law "Seventy-five percent of the people with adware don't know Don't know (DK, DKed) "Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. they have it; they don't know how they got it. So we can't call those people consumers; they're victims," said Utah Rep. Stephen Urquhart, whose state recently passed the first antispyware law in the country. The state's Spyware Control Act defines spyware as "software residing on a computer that monitors the computer's usage, sends information about the computer's usage to a remote computer or server," or displays ads, using a content-based or Web-site triggering mechanism, without the user's consent. It requires that spyware companies notify a user of what the programs do, get the user's consent to install them, and provide removal instructions. Violators face a $10,000 fine per incident. (9) A Utah business can sue a spyware company that doesn't comply with the law when its program displays ads on the business's Web site. Owners of Web sites, trademarks, or copyrights, as well as authorized Web site advertisers, may bring private actions. The law does not allow class actions. Some critics say the Utah law is too broad. It "tried to rope in rope in Verb to persuade to take part in some activity Verb 1. rope in - divide by means of a rope; "The police roped off the area where the crime occurred" cordon off, rope off and regulate exactly the kind of software that many of us depend on for a confident experience over the Internet," said Mark Bohannon, general counsel for the Software & Information Industry Association, the trade association for the software and digital content industry, at the FTC workshop. For example, the law could cover parental-control software, which is effective only if children can't uninstall To remove hardware or software from a computer system. In order to remove a software application from a PC, an uninstall program, also called an "uninstaller," deletes all the files that were initially copied to the hard disk and restores the AUTOEXEC.BAT, CONFIG.SYS, WIN.INI and SYSTEM. it. The Internet Alliance (Internet Alliance, Washington, DC, www.internetalliance.org) A membership association dedicated to promoting the Internet as the global marketplace for the 21st century. Its goal is to provide a consistent message to state and federal government that enables the Internet to benefit the (an Internet trade association), AOL (A division of Time Warner, Inc., New York, NY, www.aol.com) The world's largest online information service with access to the Internet, e-mail, chat rooms and a variety of databases and services. , MSN (1) (MicroSoft Network) A family of Internet-based services from Microsoft, which includes a search engine, e-mail (Hotmail), instant messaging (Windows Live Messaging) and a general-purpose portal with news, information and shopping (MSN Directory). , Yahoo, Google, and CNET (body) CNET - Centre national d'Etudes des Telecommunications. The French national telecommunications research centre at Lannion. Networks sought to block the Utah law, claiming in a letter to Gov. Olene Walker that its definition of spyware could include beneficial software--even common e-mail programs that track which messages are delivered and when. Opponents also said the law could be interpreted to ban free software that is supported by advertising; companies that use targeted pop-up ads would lose that revenue, which allows them to provide free content to users. Urquhart said the law does not ban porn filters or instant-messaging technology. "Policy-makers here had to weigh the burdens and benefits to commerce," he said. "You've got to have laws and a cop on the beat. And so we've put a cop on the beat." A bill before the U.S. Senate is different, said Bohannon, because it doesn't define spyware but creates across-the-board rules for all software. The Software Principles Yielding Better Levels of Consumer Knowledge (SPYBLOCK SPYBLOCK Software Principles Yielding Better Levels of Consumer Knowledge ) Act--cosponsored by Sens. Ron Wyden Ronald Lee Wyden (born May 3, 1949) is Oregon's senior United States Senator. He is a member of the Democratic Party. Early career and personal life Wyden was born in Wichita, Kansas to Edith Rosenow and Peter H. (D-Or.), Barbara Boxer Barbara Levy Boxer (born November 11, 1940) is an American politician and the current junior U.S. Senator from the State of California. A member of the Democratic Party, Boxer was first elected to the U.S. (D-Cal.), and Conrad Burns Conrad Ray Burns (born January 25, 1935) is a former United States Senator from Montana. He was only the second Republican to represent Montana in the Senate since the passage in 1913 of the Seventeenth Amendment to the Constitution and is the longest-serving Republican senator in (R-Mont.)--is designed to "regulate the unanthorized installation of computer software [and] to require clear disclosure to computer users of certain computer software features that may pose a threat to user privacy." (10) The bill makes it illegal to download and install software without alerting the user, requires that software come with an easy-removal option, and bans harmful software; it specifically mentions programs that have information-collection, advertising, distributed-computing, (11) or setting-modification features. Companies would have to explain the nature of downloaded software with a clear notice that would stay onscreen on·screen or on-screen adj. & adv. 1. As shown on a movie, television, or display screen. 2. Within public view; in public. until a user consented or declined, and ads would have to tell users how to turn off the ad feature or uninstall the software. The FTC and state attorneys general would enforce the law. It does not include any consumer right of private action against wrongdoers. Some agencies aren't waiting for new law--they're going after spyware now. "We need to determine whether there is a definable class of software that can truly be called spyware. ... The easiest way to start drawing lines is case-by-case law enforcement," said Howard Beales, director of the FTC's Bureau of Consumer Protection, at the commission's workshop. To bring a case, the FTC needs to prove that an action was unfair or deceptive under the Federal Trade Commission Act and that it caused consumer injury. The FTC is investigating a complaint filed by the CDT that accuses MailWiper, Inc., of unfair and deceptive trade practices in changing users' home-page settings to direct them to a Web site that displayed deceptive ads for the company's Spy Wiper Spy Wiper, also known as Mail Wiper and Spy Deleter, is a malware program that was fraudulently sold as an antispyware program. In 2005, the Federal Trade Commission filed a civil suit against the companies Seismic Entertainment Productions, MailWiper Inc. spyware removal software. (12) "The potential of the Internet will be substantially harmed if users come to believe that they cannot use the World Wide Web without being at risk of 'infection' from home-page hijackers and spyware," the complaint states. The Department of Justice (DOJ (Department Of Justice) The legal arm of the U.S. government that represents the public interest of the United States. It is headed by the Attorney General. ) also pursues spyware cases. "We have in our quiver a number of arrows that we can use in prosecution," said Mark Eckenwiler, deputy chief of the DOJ's computer crime and intellectual property section. For instance, New York City New York City: see New York, city. New York City City (pop., 2000: 8,008,278), southeastern New York, at the mouth of the Hudson River. The largest city in the U.S. , resident Juju Jon, who installed spyware on several terminals at a Kinko's store, was convicted recently of violating the Computer Fraud & Abuse Act, and the U.S. attorney in Los Angeles Los Angeles (lôs ăn`jələs, lŏs, ăn`jəlēz'), city (1990 pop. 3,485,398), seat of Los Angeles co., S Calif.; inc. 1850. has charged Larry Lee For the football player of the same name see Larry Lee (football player). Larry Lee was a long time friend of Jimi Hendrix and eventually joined Hendrix's new band Gypsy Sun and Rainbows as rhythm guitar player. Ropp under the federal wiretap wiretap n. using an electronic device to listen in on telephone lines, which is illegal unless allowed by court order based upon a showing by law enforcement of "probable cause" to believe the communications are part of criminal activities. law for trying to intercept communications by installing a keylogging program on a computer in his workplace. The First Circuit ruled last year that Pharmatrak, Inc., a Web services (1) Loosely, any online service delivered over the Web. Such usage appears in articles from non-technical sources, but not in IT-oriented publications, because definition #2 below describes the correct use of the term. company, may have violated the Electronic Communications Privacy Act
A trademark suit inspired Utah's antispyware law. An Internet contact lens contact lens, thin plastic lens worn between the eye and eyelid that may be used instead of eyeglasses. Actors, models, and others wear them for appearance, and athletes use them for safety and convenience. retailer, 1-800 Contacts, sued advertising company WhenU.com for trademark infringement Trademark infringement is a violation of the exclusive rights attaching to a trademark without the authorization of the trademark owner or any licensees (provided that such authorization was within the scope of the license). : The ad firm placed pop-up ads on the 1-800 Contacts site for a competing contact lens seller. A federal court in New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of has issued a preliminary injunction A temporary order made by a court at the request of one party that prevents the other party from pursuing a particular course of conduct until the conclusion of a trial on the merits. A preliminary injunction is regarded as extraordinary relief. barring WhenU from continuing to place the ads. (14) In April, WhenU filed a suit against the state of Utah, claiming that the new antispyware law violates the state and U.S. constitutions. What now? The computer users and businesses harmed by spyware must devise effective ways to combat it. For the average user, spyware is a nuisance that slows the computer's operation and hampers Internet use. More seriously, these programs can facilitate identity theft or create security risks if they expose communication channels to hackers. Victims of spyware lose confidence in Internet communication and commerce, which hurts the companies that do business in cyberspace. Businesses can also be harmed by spyware that slows their computer systems, incurs costs for technical staff and software solutions to remove the programs, and hinders productivity when employees become overwhelmed with pop-up ads or experience frequent computer crashes. Spyware that captures employees' keystrokes could be used to obtain company trade secrets. The negative effects of spyware also extend to the Internet service provider and marketing industries. ISPs must add spyware filters and devote staff time to creating other solutions such as software, new procedures, and other options; and legitimate marketers who don't use deceptive or fraudulent practices may suffer economically, while those who do practice fraud or deception reap a profit. Best defense Consumers need to be aware that their computer slowdowns and crashes may stem from spyware installed on the machine, and they should run antispyware programs regularly. ISPs can run spyware filters as a service to customers, and businesses can install filters on their computer networks to catch spyware before it invades employee PCs. The software industry can pitch in, too. "I would like responsible industry to come back to us with a set of best practices that will provide consumers with transparency, notice, and choice about spyware," said FTC Commissioner Mozelle Thompson at the commission's workshop in April. "I would also like them to develop a plan to educate consumers and businesses about spyware, what it does, and also what it may not do." The best defense against spyware seems to be a good offense. "Because spyware runs in the background and you don't know what's being done, using an antispyware program may be the only way to be proactive about the problem," said Marc Courey, a plaintiff attorney in Bloomington, Minnesota Bloomington is a city in Hennepin County, Minnesota, and a southern suburb of Minneapolis. As of 2005, it had a population of 84,347, making it the largest Twin Cities suburb, and the fifth largest city in the state[1]. , who runs a weekly antispyware program on his computers. He also relies on antivirus and antispam software "as part of the normal routine of maintaining a computer system and maintaining security." For now, for most of us, that will have to do. Notes (1.) See www.ftc.gov/os/2004/04/040429spywaretestimony.htm (last visited June 22, 2004). (2.) Conference: Monitoring Software on Your PC: Spyware, Adware, and Other Software (Apr. 19, 2004). See www.ftc.gov/bcp/workshops/spyware/index.htm (last visited June 22, 2004). (3.) See. e.g., Ctr. for Democracy & Tech., Ghosts in Our Machines: Background and Policy Proposals on the "Spyware" Problem (Nov. 2003), available at www.cdt.org/privacy/031100spyware.pdf (last visited June 22, 2004); Inside Spyware: A Guide to Finding, Removing, and Preventing Online Pests, available at www.intranetjournal.com/spyware (last visited June 22, 2004); Cade Metz, Spyware, It's Linking on Your Machine, P.C. MAG. (Apr. 22, 2003), available at www.pcmag.com/article2/0,1759,978170,00.asp (last visited June 22, 2004). (4.) See Rebecca Porter, Smothered smoth·er v. smoth·ered, smoth·er·ing, smoth·ers v.tr. 1. a. To suffocate (another). b. To deprive (a fire) of the oxygen necessary for combustion. 2. by Spam, TRIAL, Feb. 2004, at 50. (5.) The foreground process is what you see on the screen--it responds to user input from the keyboard or mouse. Background processes don't accept user input, but they can access data that has been stored on a computer. See Background, at www.webopedia.com/TERM/b/background.html (last visited June 22, 2004). (6.) Gibson's page has a newsgroup newsgroup Internet forum for discussion of specific subjects. Newsgroups are organized into subjects (e.g., automobiles); each typically has several subgroups (e.g., classic cars, Formula One racing cars). devoted to spyware, http://grc.com/default.htm (click on "Discussions") (last visited June 22, 2004). (7.) See CDT Comments and Request to Participate (Mat. 5, 2004), available at www.ftc.gov/os/comments/spyware/040305centerfordemocandtech.pdf (last visited June 22, 2004). (8.) The alliance is a cooperative public education and outreach effort between industry and government organizations. See generally www.staysafeonline.info (last visited June 22, 2004). (9.) H.B. 323, 2004 Gen. Sess. (Utah 2004). (10.) S. 2145, 108th Cong., 2d Sess. (2004). (11.) This is a type of computing in which the different components of a software program call be located on different computers connected to a network. (12.) In re MailWiper, Inc. (filed Feb. 11, 2004). (13.) In re Pharmatrak, Inc., 329 F.3d 9 (1st Cir. 2003). (14.) 1-800 Contacts, Inc. v. WhenU.com, No. 02 Civ. 8043 (S.D.N.Y. Dec. 22, 2003). RELATED ARTICLE: Nabbing the spies. When there are spies everywhere, you have to be vigilant. "Run an antispyware program, but remember that some of the programs it finds are ones you want to have installed and that serve a useful purpose," said Marc Courey, a plaintiff attorney in Bloomington, Minnesota. "You want the antispyware program to locate [potential spyware] and report what they are and do, so you can selectively make choices about what you want to remove." The antispyware program might find and label as spyware something that mentions a Web site you frequent, for example. That "spyware" program might be one you want to keep--it might be storing passwords or processes that make your use of the site easier. "There are programs that run in the background--which is what spyware does--but a lot of them may be a normal part of the computer's operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. or ones that you've actually selected to use," said Courey. "If you go through and delete them without regard for what they are, you can hurt the functionality of your system." I downloaded and ran the free Ad-aware 6.0 Personal on my home PC and found 243 items tagged as potential spyware--including categories such as "data miner A program that analyzes activity in the computer. It may refer to legitimate analyses commonly performed by organizations internally (see data mining) or to spyware that secretly captures a user's Web surfing habits (see spyware). ," "malware," and "tracking cookies." The program gave me the option of removing them all or selecting which ones to remove; then it deleted my selections with one click. It retains a status report of what I deleted and when, and its Help feature thoroughly describes the types of files the program finds and the actions it will perform. After a week in which I was markedly circumspect cir·cum·spect adj. Heedful of circumstances and potential consequences; prudent. [Middle English, from Latin circumspectus, past participle of circumspicere, to take heed : about my Internet surfing habits, I ran the program again and found 22 new pieces of spyware, this time all tracking cookies. Cookies are packets of user information--such as login name, customized settings, and shopping cart contents--stored on the user's browser by Web sites he or she visits. Since I find that keeping the Cookies feature enabled on my computer simplifies my use of certain favorite sites, I plan to scan often for spyware and delete any cookies accumulated from sites I don't recognize. I put the Ad-aware icon smack in the middle "Smack in the Middle" is a first-season episode of Batman. It first aired on ABC January 13, 1966 as the second episode of the series, and was repeated on August 25, 1966 and April 6, 1967. of my desktop so I won't forget. Here are some ways to help oust the spyware from your own PC. Provider assistance Service providers have begun adding spyware protection. Earthlink offers Spyware Blocker Software that detects and removes spyware and adware from the computer. It also prevents such software from being installed. Stateful inspection firewalls alert users when any software makes an outbound request for the first time, which could be spyware contacting a Web site. free with its TotalAccess package of software programs. Microsoft's MSN Plus has junk-mail and pop-up guards, while the Premium version also includes a virus guard and firewall. Microsoft's new Internet Explorer offers three levels, or zones, of security, and explains how to activate them on its "What you should know about spyware" page (www.microsoft.com/security/articles/spyware.asp). In May, Yahoo introduced a beta version of a browser add-on called Anti-Spy (beta.toolbar A row or column of on-screen buttons used to activate functions in the application. Many toolbars are customizable, letting you add and delete buttons as required. Toolbars may be fixed in position or may float, which means they can be dragged to a more convenient location in the .yahoo.com), which comes with a toolbar that also includes a pop-up blocker. The program runs only with Internet Explorer. The forthcoming release of AOL 9.0 Optimized software will include AOL Spyware Protection, and the latest AOL Netscape browser will include new security patches. Software You can also download antispyware programs--for free, or for a small fee--from Internetsites. Be sure to research a product thoroughly before loading it onto your computer, as some antispyware programs are actually spyware themselves. There are no standards for spyware-detecting programs. Some ATLA ATLA Association of Trial Lawyers of America ATLA American Theological Library Association ATLA American Trial Lawyers Association ATLA Air Transport Licensing Authority (Hong Kong) ATLA Avatar: The Last Airbender members recommend Spybot Search & Destroy from www.spybot.info, Ad-Aware from www.lavasoftusa.com/default.shtml.en, and Spysweeper from www.spysweeper.com/download.html. PC World evaluates Aluria Spyware Eliminator, InterMute SpySubtract Pro Version 2, LavasoftAd-aware 6 Plus, Network Associates McAfee AntiSpyware, and Spybot Search & Destroy (www.pcworld.com/reviews/article/0,aid,115939,00.asp). Intranet Journal recommendations include X-Cleaner, Pest Patrol, and Spy Sweeper (www.intranetjournal.com/articles/200309/pij_09_12_03a.html). In its Anti-Spyware Software Review, TopTenREVIEWS (which provides online product evaluations in several categories, including spyware) rated Spy Sweeper, Spyware Eliminator, and AntiSpy as its top three choices. These and 14 other programs are reviewed at www.antispyware-review.toptenreviews.com. The views expressed in this article are the author's and do not constitute an endorsement of any product by TRIAL or ATLA. REBECCA PORTER is an associate editor at TRIAL. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion