Congressional Anti-Spyware Bill Introduced

CRCates writes that U.S. "Senator Conrad Burns has introduced new anti-spyware legislation. The bill would make it difficult to for software to download and install itself without the user's knowledge. The bill would also require notification, consent, and procedures for easy removal."

Easy removal

[zcat_NZ]

I have yet to find any spyware that wasn't easily removed

Re:Easy removal

They do exist; I watched as a friend mistyped an address into IE and got sent to a typo-squatter's page which installed Xupiter Toolbar without asking. (He uses Opera now for obvious reasons.)

There's another one I've heard of but never actually seen in the wild called CoolWebSearch. Apparently there's 30-something variants of it, and they use try to use an exploit in the Microsoft VM to install themselves silently on unpatched machines. I hear some of the nastier variants go so far as killing the processes of spyware scanners and rewriting their download links to point to adult sites.

Re:Easy removal

[TykeClone]

I've had a bit of a chance to run it and I'd say no - it doesn't. I was cleaning up a machine and Norton 2004 did catch some stuff, but Adaware caught much, much more.

Re:Easy removal

[jpop32]

Do what I did. Open the task manager and do a Google search for each of the processes.

Which works well if the nasty is listed as a separate process. Which is not always the case. For example, all services go under a couple of master-processes (svchost.exe, services.exe). Furthermore, nasties don't need to be resident, they can be invoked when an activity of interest takes place. So you may miss it, except for a couple of seconds they do their bussiness.

Re:Am I crazy?

[Carnildo]

was this just covered last night?

Last night's article was about the Iowa legislature. This one is about the US Congress.

You missed any drivers, etc

[BoomerSooner]

You can also load spyware via drivers. Those are more difficult to root out.

The real trouble with spyware

[Whatchamacallit]

As I see it, and I have removed over a million pieces of spyware from my customer's computers...

The trouble with spyware is:

1. It's damn sneaky. No indication other then a license agreement that no one reads because it's all legalease and effectively gibberish to the average person.

2. Some spyware is loading onto computers via popup advertisements that are using obvious MSIE flaws to allow it to install. Most of the spyware changes your homepage to their search page which also happens to re-install their software. This means they are using virus/trojan techniques to invade your system.

3. Most spyware will re-install or auto update itself if you try to remove it and miss a portion. Some spyware appears to team up with other spyware packages that reload each other.

4. Several spyware companies actually advertise anti-spyware software that just loads more spyware onto a system.

5. The security in Windows is horrible. Looks like we might have to resort to a signing method for all approved software and allow only company approved signatures to install. I don't think Windows fully allows this for everything. I know they do it for drivers but it should be available for all software.

Spyware is begining to be a real problem in enterprise environments, we locked down our WinXP computers pretty tight and yet the spyware still manages to get installed. It takes hours to remove spyware from a user's machine. In some cases, when Ad-Aware and SpyBot both failed to remove a package, we ended up having to rebuild the OS and restore the user's data.

Windows is so very broken that I don't think it can ever be fixed. No law will make a difference, companies will just move off shore and then still deliver the spyware goods.

The only sure fire way I see Windows getting repaired is if Microsoft bites the bullet and stops development on Longhorn and then literally starts over. They should make a FreeBSD base and build the Windows API into the system. This will ensure multiple user abilities and more importantly, security. Of course this will break all old software that requires drive letters and other things that will have changed but it's becoming necessary. The holy grail for MS is backwards compatibility and it's also a curse they will never give up.

I know, Apple did the same thing with OS X. It's a custom Mach kernel with a FreeBSD foundation. They build a backwards compatible Classic environment as well as a porting environment called Carbon in addition to the NeXTStep Cocoa NS API. The security is there and you are prompted to install software whenever an application tries to install. If it installs in your user home directory structure, you may not be prompted, but at least you will be able to rebuild the user account and migrate your data.

Microsoft needs to follow suit. Of course they should do it their own way but they really need to focus on security as well as separating the OS from the Applications and System wide software from individual user software as well as user settings from system settings. The trouble is Windows has always had a hard time isolating things because of the backwards compatibility issues. WinXP moved the user profiles to Documents and Settings but it needs to be better isolated across everything everywhere. All the security issues come down to a serious flaw in design which directly stems from the Win3.x and the strong desire to keep old software running on new systems. Windows systems are wide open out of the box. Most good Unix distributions are closed out of the box. i.e. in Unix you need to turn things on. In Windows you need to turn things off. This makes a heck of a lot harder to lock down.