Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Whats Spyware? (Part Deux)

    By
    Larry Seltzer
    -
    April 16, 2004
    Share
    Facebook
    Twitter
    Linkedin

      In a recent column, I looked at the proposed SPYBLOCK (Software Principles Yielding Better Levels of Consumer Knowledge) act in Congress and concluded that the initial drafting of the bill does a poor job of defining the activities it bans. I dont want to defend a bad definition of spyware, but in all fairness, I dont have a good one, either. Truth is, there is no general agreement in the anti-spyware community—even among vendors of anti-spyware software—of what programs and other things to block.

      A workshop is being held this week in Washington D.C. by the Federal Trade Commission. Its not the kind of forum for making decisions, but I hope its a helpful step in defining some boundaries for vendors. I may not like the SPYBLOCK act, but I do think theres an important role for the law here, since fraud and misappropriation of computer resources should be illegal. I dont have much confidence in the government being able to define the line between proper and improper program behavior, so I think the industry needs to come to a consensus.

      Sure, there are some cases that are unambiguous, so much so that anti-virus software probably detects it, too. Keyloggers, for example, which are programs that track what your keystrokes and perhaps mouse selections on the PC are and send them off to others. Or Trojan horse programs that remote attackers use to form a “bot army” for some distributed denial-of-service attack. These things exist, and therefore too many people have them. But, in an important sense, they arent what the real problem is.

      The problem is with the ambiguous cases. Maybe “ambiguous” is too generous, but consider that some companies are completely open about what they are doing. Others call what theyre doing spyware or, more likely, “adware.” Im not a lawyer, so I cant say, for example, whether Clarias explanation of what its Gator software does, not to mention the license agreement they present at install time, is accurate and fair. But assume, for the sake of argument, that they are. I still think Gain is a sleazy piece of software, but being upfront about it counts for something.

      There are other difficult cases, at least from the point of view of anti-spyware software. Do you have a copy of the free remote-control program Virtual Network Computing on your computer? You might have one that you installed yourself, and that would be fine. How about the copy that some attacker installed and which you dont know about? That would be a very bad thing indeed, but how is an anti-spyware program supposed to know?

      The next level of controversy is ad-supported software, the classic example of which is the Eudora mail client in “sponsored” mode. Eudora is a mail client for Windows, Mac and Palm OS. If you dont pay $49.95, you can still use the program, but ads will appear in it, including up to three “sponsored toolbar links” that appear alongside toolbar items that do actual Eudora stuff. The Opera Web browser has similar arrangements.

      Some people, and some anti-spyware programs, consider Eudora in sponsored mode to be “adware.” Why? Because it serves ads. This seems a bit simple-minded to me.

      But the most significant controversy over such definitions has to do with cookies. I run SpyBot Search & Destroy on a system here, and its always warning me about various threats that basically are just cookies.

      Are cookies spyware or adware? Some people go ape over cookies and have no perspective on them at all. First, without cookies, browsing becomes a much less convenient experience. Youd have a lot more typing and memorizing to do without cookies. What people dont like about cookies is how they get tracked as they move from site to site, and how a picture of their habits is taken and sold, and so on. This sounds sinister, but for the most part I consider it part of the price for free content. Also, some of the better-known “threats,” such as Avenue A (which youll probably find on this page), conform to P3P (Platform for Privacy Preferences), so you have some control generally in Internet Explorer over whether youll accept their cookies on their terms.

      We could argue all day about whether cookies like that are a bad thing and if people need to be protected against them, but I think its far out of proportion to put them in the same ball park as programs that serve surreptitious ads or, for that matter, run any sort of software on your system. In case you didnt know, cookies arent programs that run on your computer.

      Perhaps the SPYBLOCK act isnt all that far off. Defining what programs can and cant do is a daunting task; the important part of the bill is that it bans what the user doesnt consent to, and thats the good part of the approach.

      Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

      /zimages/3/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.
      Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

      More from Larry Seltzer

      Larry Seltzer
      Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×