Congress Questions Pending Spyware Bill

Even federal lawmakers recognize that the pending Spyblock Act will probably have a limited effect on spyware.

Even as they move rapidly toward taking action against malicious software programs in the next few weeks, federal lawmakers recognize that any move they make will likely have a limited effect on the huge problem of spyware.

Fearing that a pending anti-spyware bill, the Spyblock Act, could inadvertently hamper legitimate downloadable products, software makers are busy lobbying for legislation that would pre-empt myriad state initiatives under way.

Earlier this month, Microsoft Corp. Chairman and Chief Software Architect Bill Gates was on Capitol Hill talking to lawmakers about a market-driven approach to battling spyware—an approach that has won a number of adherents in Congress.

As an alternative to the Spyblock Act, a new measure introduced last week would provide increased resources and tools to enforce existing laws against fraud and deception, set a national standard for unfair and deceptive practices, and increase civil and criminal penalties. It would focus on criminal behavior rather than target a specific technology.

Among vocal anti-spyware advocates are a growing number who acknowledge the role technology can play in fighting spyware.

"Theres no way we can be agile enough," said Sen. Conrad Burns, R-Mont., last week at a hearing of the Senate Committee on Commerce, Science and Transportation. "I think most of the responsibility falls on the folks who represent the different ends of the industry."

Many lawmakers, however, continue to favor provisions in Spyblock that ban the installation of software without notice and consent from users and that require that users be able to easily and completely remove software, arguing that existing laws are not sufficient.

"Nobody thinks the software they produce is spyware," Sen. Barbara Boxer, D-Calif., said at the Senate committee hearing last week. "Clearly its still going on even though there have been lawsuits filed."

IT managers who have to combat malicious software on a daily basis are not waiting for lawmakers to act, although many do not object to the initiatives in Congress.

"I dont see anything wrong with [federal anti-spyware legislation] because it keeps it in the forefront of the public," said Leland Tingle, IT director for Overseas Express, a division of Raptim International Travel, which provides discount travel services for missionaries and relief workers. "Do I think a specific law is going to help? Not really."

The Chicago-based company is as vulnerable to malicious software as any other company, Tingle said. While he supports anti-spyware initiatives in Congress for their ability to raise awareness about the gravity of the problem, Tingle said he continues to rely on firewalls and other technology to keep his network secure.

Since January, Overseas Express has been using NetOp Desktop Firewall technology from CrossTec Corp., which prevents unwanted applications and processes from executing. It allows Tingle to manage the workstations for the entire company from one central server. He can adjust security settings and halt processes centrally to stop a malicious program within moments of infection.

"When you have that many machines to baby-sit, all it takes is one attack," said Tingle, adding that these days he worries most about Trojan attacks. "I keep a pretty high line of defense."


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.