Spy v. Spy

An anonymous reader writes "MSNBC is reporting on a brewing battle between makers of spy software and anti-spy software. According to this article the makers of Spector and WinWhatWhere have added a feature to their new software that disables the popular anti-spy software Who's Watching Me."

Confused

Which side is decked in all white and which side is decked in all black? This is maddening...

How long until...

[xtermz]

...somebody tries to sue while claiming a violation of the DMCA? This seems like something a corporation would pull out from it's sleave if it sees it's efforts to stop the anti-spy software is going nowhere...

Re:How long until...

I don't think this would quantify a DMCA complaint, as blocking other programs doesn't really require any sort of decryption or reverse engineering. What I do find interesting is the intentional disabling of specific _commercial_ software, though.

Who's Watching Me comes with a 90 day trial, but you have to pay if you want to keep the program. If I downloaded and paid for Who's Watching Me, then someone surreptitiously installed WinWhatWhere which disabled the software I'd _paid for_ I believe I would be pissed. It's like a worm disabling the antivirus/firewall programs you've paid for.

Re:How long until...

I see it the other way around. The user KNOWS that they have installed the anti-spy software on their system. The spying companies should be sued for hacking files that do not belong to them. They have no legal right to be able to break the detection software. This is like the FBI having the right to come into your home and break any hardware that you might have that for detecting phone taps. They have the right to try and circumvent the tap detector by changing the way they tap the phone line, but they have ZERO right to walk in your house and smash the thing with a hammer. I'm sure there someone out there can find court cases out there that support my comments.

Mmmm.. FUN! And a legal nightmare..

[Fixer]

IANAL, BIAAIL (But I Am An Interested Layman)..

Okay, this is my computer. I purchase a piece of software that is supposed to detect snooping software hiding out on my machine. Said snooping software destroys my anti-snooper, interfering with it's proper operation and generally depriving me of it's service that I have paid for.

Shouldn't I be able to sue the snooper software, as I did not ask for it and did not give any kind of authorization for it's installation into my system? To say nothing of the trespassing charges I'm going to bring against the snooper developer..

Re:Mmmm.. FUN! And a legal nightmare..

[bpb213]

If its a computer at work, then IT will have your ass for installing software they didnt approve :)

But at home, you might have a case if the spyware was installed by someone who doesnt own the computer and cnat prove you gave them permission to install software. But you = $$, spyware = $$$$$$$$$$$, guess who wins in our financially independant court system? >:)

Re:Mmmm.. FUN! And a legal nightmare..

[mjh]

In that case, shouldn't you sue the person who installed it rather than the company who makes the software? Didn't we all agree that there was nothing wrong with writing DeCSS or Napster or other software - it was only the person using it for illegal purposes who was at fault?

IANAL, but you're comparing apples & oranges. DeCSS did not embed some alternate functionality into its software. It did exactly what it advertised itself to do. A better comparison is to that of a virus or a worm. When I download an email, my intention is to read my email. But when that email exploits my machine in a way that I hadn't intended, the author of the virus or worm is held accountable. This is the current law.

It doesn't matter who installed the software. What matters is that a clandestine operation took place in direct subversion of the user's intention. This software is a virus, and I suspect that if you read the current crop of computer crimes, you'd probably be able to classify this software as such.

Re:with things like this happening

[ichimunki]

And as soon as more and more average users start using Linux, we'll see all sorts of fun stuff getting thrown into RPMs and .deb files and this problem will just follow. The only thing that will prevent it is the fairly high sense of ethics that most free software developers bring to their work (which is part of why I like free software so much myself).

Can't legal action be used?

[Recovery1]

Just a thought, but this spy software intergrated in computers is installed sometimes unknowingly by the user. This definately falls under privacy and stalking laws in most places. Heck, even police in most states aren't allowed to use surveilance equipment on a person without a warrant, and these companies are doing it with this software. So can action be taken legally against Cydoor and so forth?

Or am I just confused as always.
-Recovery1

Re:Can't legal action be used?

Assuming EULAs are eventually found to be binding, you can pretty much forget suing spyware authors because they almost always do have your permission to plant the program and let it do its dirty work. The details might be buried 5,000 words into the EULA in 8 point Times New Roman, but they exist nonetheless. When you click the OK/Yes/I Accept/FUCK ME NOW button - again, assuming EULAs are binding - you've given your consent for the spyware to be installed.

It's a rare case that spyware, in the marketing sense at least, actually gets planted on a system without the user's tacit approval. Of course when it comes to something like the focus of this story, the spyware isn't being installed by the user to begin with. The real court battle, perhaps, should be "does my spouse/parent/roommate/employer have the right to install this stuff on my computer without my permission?"

We'll never know for sure until the idea of EULAs is rigorously tested in court. With more and more stuff like this story popping up, something tells me that's going to happen sooner rather than later.

Re:ot?

[Masem]

There used to be a common pasttime for assembly and other budding programmers call Core Wars. The game system was a simple, stripped down, assembly language engine and a largish block of a virtual machine memory. Your task was to write assembly code that would survive and outlast other programs in that block of memory when put to the test. The trick was that your program's code was stored only in that block of memory, thus a common routine for enemy programs was to simply trounce random bits into your code, and thus ruining your code. So you could take a number of different steps; either make your program as small as possible as to avoid random trounces, or duplicate your code as much as possible, or so forth. Some programs were rather complexe and/or large, but managed to survive various opponents. Of course, this was before the proliferation of exe-viruses, which may have been why it drifted off to the wayside (another similar game around whereby you coded robots in a virtual arena to battle each other, sort of an electronic predecessor of Battlebots, became more popular after this.). One of the current KDE screensaver modes operates similar to Code Wars.

The point is that what we're seeing now, with the spyware vs anti-spyware, is the same as Code Wars, but now moving to real systems instead of that virtual block of memory. And these are no longer games, but programs that may or may not affect both those that write them and those whose system the battle takes place on. So I certainly think there's a geek side to this, no only in the YRO aspect, but also in light of what used to be considered a harmless game years ago.

Re:with things like this happening

[Binky+The+Oracle]

This reminds me of the old computer program "Core Wars." My ancient history is horribly rusty, but this whole concept goes back to one of the East Coast heavyweights (MIT? Harvard?) where the programmers would write self-replicating code fragments and set them loose overnight. The code was designed to multiply itself and destroy any other code it found. The winner was the one with the most code at the end of the run.

I'm sure someone who knows the real history will provide it.

Same concept here... only now the vendors are using our computers for their fights...

Too bad I don't have one of Gibson's Hosaka decks yet... I'd love to jack in and watch the fights.

Counter-countermeasure engineering problem...

[CaptainPhong]

It would have been best if they had just taken engineering challenge and designed something that couldn't be detected. but instead they just decided to break our program. That's kind of lame.

Of course, the anti-spy people could treat these countermeasures as an engineering problem.

A couple possible (partial) solutions:

1) Check for beligerant spyware during the install process (the install program would presumably be running from a CD, so it couldn't be corrupted). Later, if it detects that spyware is being installed, fire off warnings, send e-mails, make logs, etc. to make sure that the spyware can't cover it's tracks.

2) In the documentation, note that failure for the program to run or a crash could indicate the presence of spyware (and that you should run an "emergeny check" from the install disk).

3) Put a check on the integrity of the software in the MBR (using CRCs and such). If a spyware messes with that, it should trip off the BIOS virus checking. That would also have to be documented of course so the user understands what the heck is going on.

4) Have the anti-spyware run entirely from a separate disk (maybe a boot disk to be sure the spyware isn't running waiting to thwart the anti-spyware). When you come in to work, or sit down at your computer, throw in the disk to be sure nobody installed spyware when you weren't there.

5) Make the anti-spyware as stealthy as the spyware. If the spyware or the person installing isn't aware of the presence of anti-spyware, the anti-spyware is much more likely to be successful. Using polymorphic code, constantly changing file names, etc. could probably be pretty effective.

None of these solutions are perfect of course, but a bit of a battle is probably inevitable, as the two types of software both have legitimate and illegitimate uses, and the only way one of the two can succeed is by defeating the other.

Additional measures...

[shaldannon]

1. have the anti-spyware regularly check its files for integrity. If the files have changed, download a replacement.
2. Incorporate some of the latest virus technology (e.g., piggyback on spyware, change names, locations, and dll file names and locations, etc).

This might not necessarily solve the entire problem, but it could certainly up the ante.

Re:Litigation time...

[Reality+Master+101]

By technical definition, spyware is a virus.

Uh, no. Spyware are just applications that do what they are designed to do, and are loaded on just like any other application. A virus breaks into your computer in unauthorized ways. A virus can be spyware, but spyware is not a virus.

If I found that someone had installed unauthorized spyware on my machine and broke my anti-spyware, I would be suing not just the individual who installed it on my machine in the first place, but also the company that makes the spyware.

And would you also sue a binocular manufacturer if someone spys on your wife in your backyard?

Re:This is a trojan horse, plain and simple.

[brogdon]

"Without warning the user, WinWhatWhere disables another piece of software for which that person has paid good money. That's like IE deleting Netscape if it detects it on your system. That's like your trusty Chevy switching to Battlebots mode every time it detects a Honda in the highway."

No way they do it without a warning. I would stake what little fortune I have that they explicitly demand permission to do the altering in the EULA. No one reads them anyway, and even fewer would recognize what the legal-speak meant when they say that you grant them the right to alter "certain incompatible software modules installed herewith and therefore, etc". Once you click through the installer, they'd be free and clear.

This is kind of a stretch, but does anyone actually have a copy of their Licensing Agreement? I bet it's a good read.

Re:Grounds for divorce.

[Zeinfeld]

oh PUHLEEAASSSEEE. If you are married, you shouldn't have anything to hide from your spouse.

I have confidential information concerning many of my clients and former clients on my machines. I do not share that info with my spouse. Nor do I want my doctor, lawyer or accountant sharing my confidential information with their spouses.

The spyware folk appear to me to have got off very likely in the article. It appears likely to me that the overwhelming use of their wares in the long term is likely to be outright criminal, capturing passwords, credit card numbers etc. This was the modus operandi in the crimes Mitnick was sent to jail for the first time.

The law enforcement issue sounds to me to be bogus, if law enforcement really needs such tools they would be best advised to develop them internally and use them sparingly. Genuine vendors of law enforcement tools will typically only sell to law enforcement and verify who they are selling to.

Using the tools without a court order is very likely to be illegal in many jurisdictions. It would appear to be unauthorised modification of a computer system. If it isn't illegal already it is an oversight and it is likely to be made so.

This story strikes me as being very similar in tone to the early stories we would hears from the hacker community. 'We never do damage' they would say, 'we only go after child pornographers and terorists', having (legally) reviewed intercepts of the activities of certain widely reported hacker's activities I can assure people that they misrepresent their actions and motives.

Re:This is a trojan horse, plain and simple.

[realgone]

anyone actually have a copy of their Licensing Agreement?

Yup, here it is.

Nowhere do they seek permission to alter other software... but I did get a good laugh out of this last line (emphasis mine):

"Any use of this software in conjunction with any hardware, device or apparatus to surreptitiously intercept wire, oral, or electronic communications may violate state and federal laws, so there."

Copyright?

[NapalmGod]

It seems to me that if they copyright the anti-spyware program, and some other program comes on and modifies it, then they'd have a case for suing the spyware company on the basis of copyright violation.

In any case, it's actually rather easy to fix. Put a memory-resident util that monitors the files on disk, checking the checksum every x number of minutes, and display a popup on the screen if it's modified. Have the memory-resident program put an icon in the systray. Copyright the icon in the systray. Put in the manual "If you don't see the icon in the systray, then you have spyware installed.". If the spyware companies disable the resident program and put the icon back on anyway, you can definitely nail them for copyright violation. :)

Just my $0.02, IANAL, void where prohibited.

-steve

Re:with things like this happening

[npongratz]

That is why you should go with a source-based distro such as Sorcerer GNU/Linux. Absolutely nothing will be "thrown on" your system without you knowing about it (as long as you're l33t enough to look), and you'll get better performance, also.

Re:More virus-like that the company might admit

[secolactico]

If I'm an employer, I can do it all day long, and thus the product is legal.

As I understand, it's illegal to monitor other people (inc your employees) unless you give them a warning that you are doing so, or might be doing so. Correct me if I'm wrong, please.