Slashdot Mirror
FTC Officials Wary of Spyware Measures
Nofsck Ingcloo writes "News.com is reporting thusly:
'Two Federal Trade Commission officials ignited a political firestorm on Thursday by criticizing proposed laws targeting spyware and suggesting that the measures might harm legitimate software products, too.' During an appearance before a House of Representatives panel, FTC Commissioner Mozelle Thompson said the measures were the wrong approach to spyware and adware. Basically he is advocating a 'don't throw the baby out with the bath water' approach."
he gets from these so-called "software companies" in contributions?
Heave the "baby" out with the bathwater. Spyware is called spyware because of what it is. There's no mistaking a legitimate program that user chooses to install. In my opinion, if the user knows its being installed than its not spyware. If the user doesn't fully know whats being installed than it is spyware, and that type of software should be chucked out with the bathwater.
http://github.com/gbook/nidb
-
The FTC representatives countered by saying that while they were "outraged" by spyware, a careful approach was necessary. In addition, during an FTC workshop last week, a prosecutor noted that the Justice Department already had sufficient legal authority under existing computer crime laws to put the most noxious spyware makers in prison.
If this is true then why aren't they? There are certainly several spyware products "noxious" enough to warrant a prosecution. Sounds like a bluff to me.While I understand the FTC needs to protect legitimate business interests along with consumer's interests, this is ridiculous. Yes there may be difficulty in wording the bill so that it doesn't hinder legit software, but that's something that can be resolved. Self-regulation sure as hell isn't going to work, the adware and spyware companies have shown little to no restraint in doing whatever they damn well please.
Don't believe that last sentence? Just check out how they all claim you have to opt-in to their software, that it's never installed without your permission. Then check out the ad/spy-ware infected software installs and see if they warn you about them. I've yet to see a warning when one of the buggers shows up, and I do read the info during my software installs.
And finally, just try to remove one without a 3rd-party utility, they're nearly impossible to remove. That alone makes them trespassers to me, since you can uninstall them but they're still partially there, cluttering up your hard drive and mucking with your OS.
Basically he is advocating a 'don't throw the baby out with the bath water' approach."
In this case the baby is green, has 10 eyes, keeps track of your every move, spits in your face with ads, and is guaranteed to wreck your house.
So you do toss the baby out with the bathwater. Otherwise you have a monster on your hands.
Some call him Gator
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
I'm not sure I fully agree with your description of the problem, but I think you're mostly right here.
Any attempt to describe the injustice in a foolproof way will only (or probably only) assert heavy restrictions on valid software. Any attempt to prove that the software was "granted" permission by the user will result in deeply-hidden and cleverly-worded explanations of what the software is doing. The same folks that are susceptible to it today will still be susceptible in the end.
::jafomatic
Voulentary Self-Regulation by industry=Popular Republican political strategy. Basically a neat way of pretending to do something while actually ignoring the problem.
Only to idiots, are orders laws.
-- Henning von Tresckow
There's no baby in the bathwater of ActiveX installs. There never was. Who needs software installed directly from the web browser? Legitimate installer programs are easy to come by, and most people who are able to go out and search for the software in the first place are smart enough to get it downloaded and installed.
There is a problem in preventing "Third party installations" from being included in the installers, as many games and legitimate tools have come to rely on DirectX, Quicktime, and Rad Game tools. But there is no necessity to include them as part of the installer itself. Meerly make a note in the installer that you need to install these utilities too and that they are included on the cd or in a setup directory.
When life gives you crap, Make Crapade.
Sluggy Freelance.
US population is only what, 300 million people?
India and the rest of the world is a much bigger market
HOW'S MY POSTING? CALL 1-800-POSTING
On the other hand, the spyware, the automated pop-up programs, etc... these need to outlawed and the "companies" that make money by hijacking information need to be dealt with.
Agile Artisans
Personally i regard spyware and adware the same way i regard rootkits. The machines real users mostly dont know there there, they are using my computing power and bandwidth to provide service to some other person who is using the access to my computer to gather information about me and use this information to target me with traffic i neither like or want, and in some cases, hijack *my* internet services.
I personally dont particularly like adverts on web pages, but i can see they are needed on some sites that can only survive by the revenue they generate.
The fact that theftware (I think this is a reasonable description of programs which steal my bandwidth and steal others advertising space) such as Gator *steal* (And i cant think of any other way of describing this) the advertising space, paid for by companies that are *supporting* some of the websites i view, strikes me as the most dodgy tactics imaginable, and i hope these companies go broke.
If there isnt a law covering this disreputable activity already, i hope we get one soon.
We have regulations on what people can and cannot do with private property, why should an online computer be treated differently ? Oh yeah, they flash a so called licence agreement to the user just to be on the safe side of the law, that you dismiss by either clicking yes or no (read the very fine prints). That is unnacceptable. Any program installing on a computer should clearly show how to exit the installation process, and better, unsollicited installs should be banned altogether. I'm talking about thoses occuring when you just load a web page. You never asked to install anything, or never wanted to do so, yet something asks you install it, often in a deceptive manner.
This shouldn't be too difficult to pass such a law, and legit businesses will adapt very well. As a matter of fact, legit businesses already have adapted : a clear warning or information page with a link to the install program. Plain and simple.
*End Users* do not gain any authority by the fact that they can sit at a keyboard.
Doesn't matter if it's a 12 year old kid at your keyboard in your house, and it doesn't matter if it's a secretary in a 500 person company. Neither of these people have the authority to consent to anything, especially binding agreements (and contracts, which is how the s/w industry would like their EULAs treated).
All this crap does is legalize social engineering. Think about it.
help me i've cloned myself and can't remember which one I am
I love spyware, the more machines infested with it the better. Users get fed up with all the pop ups and machine stability problems. I either get money to remove it or it becomes amazingly simple to convince these people try Linux. It also had a dramatic effect on overall TCO of the environment. I work in a mixed environment windows and linux desktops. The windows side takes three to four times the amount of maintenance because the support guys spend at a minimum 70% of their day cleaning machines.
Got Code?
At the least, there should be a law requiring all installed programs to show up in the "Add/Remove Programs" dialog and actually remove themselves when told to do so...
This should be OPT-IN only, just like SPAM should be. It has to clearly state what it is and what it does, ie, it snoops and reports your every move whilr browsing and targets ads at you based on this. It should also be required to ask permission to install.
Any thing less and it should all be illegal, with large fines and loss of internet connection for that company, for 5 years. If that closes them down, so freakin what!
Professional Politicians are not the solution, they ARE the problem.
What is Ninnle Linux? The web page does not even come up.
This is typical privacy nut FUD. For example, Gator only has EIGHT eyes, and he can't possibly keep track of your every move because sometimes he's slowing down your internet connection when he secretly downloads ads, and other times he's busy crashing your computer. Do you really think he can download ads, crash your computer, AND track you all at the same time?
Yeah I didn't think so tinfoil man.
Never confuse volume with power.
I guess they are scared that this work will get offshored to India also! :)
-
This is a slippery slope, people. You can make something illegal just because you don't like the idea of it. If people are installing this at-will, then there is nothing morally or ethically worng with it.
This is a rather optimistic view of things, I take it you've never run afoul of much ad/spy-ware. The issue isn't so much software that people willingly choose to install (although Gator and some others don't really warn you fairly about all the popup ads you'll be getting as a result) but about software that installs itself piggy-backed onto other software without warning. Most spy-ware especially is like this. Even once you find out it's there, getting rid of it takes an act of God, or at least 3rd-party software. Why? Because at best the company only provides a broken uninstaller, normally there is no uninstaller. Add in the fact they often don't show up under add/remove programs (let's face it, this is primarily a Windows-land issue) or even under program listings, and you have software that is NOT even trying to act like it's a legit install.The only 'spyware' that is problematic is the kind that installs itself by exploiting software bugs in browsers, and that is already illegal: it's called a virus.
So sorry, this isn't a slippery slope, this is about making the software companies that put this crap out start playing nicely and acting like good citizens of the online world, as oppossed to their current shady, back-alley actions.
These side programs are merely the cost of these great free utilities. It used to be that you had to pay $5 and $10 for these little utilities. Now I get a cool password safe and an address book manager, and it just costs me some extra pop-up ads and them wanting to do some market research on me. Boo fucking hoo! That's my choice! The ads show me products I wouldn't have seen otherwise, and it's not like I have anything to hide on my machine. I don't mind if they look around to see what I might enjoy buying! This is America, and hello? We're capitalists?
As I see it, they're doing me a service. It's not like I'm taxing my CPU when I'm not playing a game or working with non-browser applications. Why not give up some system resources instead of having to break out PayPal whenever I want a cool new file sharing app? Let me make my own choices about what goes on my system. Don't presume you get to choose what's good and bad for me. Aren't you guys supposed to be about software freedom?
Says the RIAA: When you EQ, you're stealing bass!
The point is this: no legitimate software should install something that you don't want, period. Ads I can agree with, people gotta eat, but Spyware is showing complete disdain for your userbase and really insults them. That would be like a car dealer giving you a free car, equipping it with GPS, slowing down the engine, making it run like crap, installing a hidden camera, and then slashing the tires. Spyware companies are not very well known for following the law, so one would hope this does not provide loopholes and ends up legitimizing Spyware, as is happening with SPAM.
I hate sigs.
You people should be ashamed of yourselves. These people have the right to make money like everyone else!
This is the most common fallacy I see in today's political atmosphere. No one has the right to make money and the government's job isn't to make sure people with crappy ideas or products no one wants stay in business.
Newsflash to programmers: If people will work cheaper than you they will get your job.
Newsflash to farmers: Some crops don't grow well in some states.
Newsflash to RIAA: No one NEEDS you anymore, Musicians can produce without you and we can sure as hell distribute without you.
Newsflash to Unions: See Newsflash to programmers
Never confuse volume with power.
Is this any different from lawmakers doing things to protect the auto, oil, media, etc industries? They have an interest, because these companies pay for campaigns. They don't try to force down gas prices, they don't force too many radical automobile innovations, they don't try to keep cable prices down (except for token, known to be worthless, efforts)
I don't know of any spyware makers big enough to support politics, but who knows. Maybe Time Warner, or GE owns something we don't know about.
Just a thought.
-Patrick
"They never stop thinking about new ways to harm our country and our people, and neither do we."
Basically he is advocating a 'don't throw the baby out with the bath water' approach.
If that baby keeps pooping up in my face so I can't see anything else all the time, why not?
In all honesty, the FTC should be thinking the other way around. Instead of hiding spyware and forcing pop-ups on innocent web surfers, they should consider finding a less aggressive means of advertising to the general public online... 10 million people don't all want "presciption pills"... Though there are the occasional few, individuals
**Looks at everyone else**
WHAT??
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
It suddenly occured to me that the reason I haven't been modded up is that many of you are probably unfamiliar with new.net.
Find more information here.
About a particularly nasty form of spyware.
When I am king, you will be first against the wall.
Nice troll.
For those who don't know what new.net is about, it's basically a company which offers custom domains. Their spyware installs a layer which takes over all DNS resolving and redirects it to their servers.
A housemate of mine got infected with New.net. He could no longer log in to the university network, because Internet access was not allowed until logged in and thus the request to resolve the domain name of the log-in server could not reach new.net. This is what happens when stupid people write software without considering all scenarios.
I wonder how much dosh the DMA have been uh, "contributing" to members of the FTC?
Marketers make me sick.
Corporatism != Free Market
"Nobody is forcing people to install this software; people agree to install it themselves."
Bull!!!
I've a twelve year old developmentally disabled child who surfs wesites such as Disney, Cartoon Network, Goosebumps, Warner Brothers etc.
A recent cleaning with Adaware and Spybot Search and destroy revealed over 150 instances of spyware on his computer including one goofy search toolbar which prompted the most recent cleaning.
Do you think he agreed to install this shit on his computer? Most of the time I can't get him to agree to take a bath. Quite frankly, I think these kid friendly sites need to clean up their act or face some consequences.
They all have these nifty little games, wallpapers, movie trailers, along with, Gator, Claria, and tons of spyware children have to install to view or play the content.
While the majority of the American public lacks the critical thinking ability to be able to consider the far reaching implications of their actions there are a few people, hopefully in positions with real capability of impact, who can see the problem for what it is. The average American doesn't realize the full power vested in a web browser that integrates tightly with the operating system. Most Americans don't realize what kind of trouble they're getting themselves into when they demand that their web browser be able to directly access their sound card, or their video card, or integrate seamlessly with apps on their system so that everything seems to be running inside the browser window as if the browser _were_ the operating system. These citizens clamor for functionality and then clamor for security. It is possible to have both but the price is in learning or in cost and both of these are unacceptable to the popular citizenry.
People in general, and Americans in particular, are obsessed with the mantra of "do something". Perhpas it has been beaten into our culture from the WW-I and WW-II era old hardtimers who felt the indignance of being marched off to war and then watch their subsequent generations enjoy profit without the pain of shell-shock or watching best friends get riddled with bullets. Whatever the reason the American society seems to be unable to enter into a state of natural flux--ebb and flow. Instead American society is stuck in a full steam ahead approach to everything. Refinement means nothing and progress means everything. The definition of progress is addition and more addition. The component of progress that involves improvement has been swamped by the "do something" drive to add more.
Adware and spyware have come about because the operating system and web browser which appeals to the popular citizenry has given them what they want. It has given them more and more and more as they asked. When the problems arose that, in a normal system, would have encouraged refinement and improvement, the users demanded more and more and more. This resulted in EULAs. EULAs made it possible for the software industry to concentrate on giving the users what they want: more. EULAs made it possible for software manufaturers to be free and clear of the necessary refinements and improvements which could have made adware and spyware obsolete before it ever started.
The approach to this problem is not to pass more laws. That approach does nothing but feed the "do something" attitude which has brought us to the quagmire of today. The approach to this problem is to refine and improve what we have. We need not to add more laws but rather to remove the artificial laws which give umbrella protection to less than optimal designs.
+++ATHZ 99:5:80
I agree totally. There's nothing inherently wrong with adware. The term simply means software that is supported by ads. The free version of Opera is adware even.
You want to pass a law that criminalizes something that's not even defined? Klerck is right about this being a very slippery slope, but even more than that, I just think that they won't be able to come up with a definition that actually covers malware without affecting other "legitimate" software as well. If you refer to the data collection aspect, that could include a lot of companies who happen to collect some of your data for some purpose, even if their privacy policy matches your ideal definition. Most likely, a law for this would just lead to another paragraph in the program's EULA detailing exactly what data it sends where (many already have this info) or another question to answer, but since nobody reads the EULA and just click on every Yes button anyway, it won't actually have any effect on the end result.
These programs do offer some additional value to the user, though it's often something menial. True to the capitalist system, your payment for their service is that they collect data on you to sell to advertisers or whatever. You get something in return for giving them something. Even though most people probably wouldn't find the software worth the cost if they stopped and thought about it, there's nothing that inherently makes this software any less valid than any other piece of software.
Barring bugs in your software, just pay attention to what you install and you won't have problems. When I see a page in a setup program that asks if I want to install Gator too, I uncheck the box or click Cancel. I don't click yes to every popup I get. My parents don't even have a problem with spyware. (Hint: There are browsers available that aren't littered with remote execution bugs and don't automatically run every program they come to. That's a good start to keeping this stuff off your computer.) If they're using software holes to install themselves without your knowledge, then they're probably in violation of some clause in the DMCA, and already illegal. Making more laws that can't be and/or don't get enforced always solves problems, right?
Many can be uninstalled just by using the Add/Remove Programs tool. If so many people want to take it off, how come I find so many computers where it could be removed with a few clicks, and isn't?
I can monitor what data a program on my computer accesses. It's not real easy to sift through all that information, but it's available if I want to use it. My firewall blocks outgoing transmissions unless I authorize them. I honestly don't care if there are a million programs on my PC spying on me, because the information doesn't leave my computer.
I don't think it gets any simpler than that. That's the sort of laws that we're looking at. Either they're going to have loopholes so the intended software can get around them, or they'll be so broad as to outlaw all data transmission over the internet.
Shouldn't spyware already be covered by laws against spreading viruses? Spyware is software installed on my machine without my knowing it, and this is exactly what happens when a virus spreads. What's the difference?
When it's distributed by a business, it's called spyware, and when it's distributed by a 14-year-old, it's a virus. Is this asinine or what?
Wait a minute! The Quality Feedback Agent is not hidden from view during a "custom install" with your usual optional brief mention at the bottom of some EULA or something like that.
It's a legitimate and non-silent (unlike spyware) component of the Mozilla Suite. If you choose "complete install" (in any application) it means everything!
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
All it takes is one death for the Food and Drug Administration to ban ephedra, when many people use it intelligently just fine. Those people don't need "protection"
In contrast, the FTC doesn't want to protect you because spyware "might hurt good software" Yes, let's leave open the possibility for malware, spam, Windows, etc., to take over your computer, steal your identity, wipe out your bank account, etc. Those things can also "kill" your livelihood, in a sense.
Bah.
What I was implying, and what I assumed the reader would infer, was that people pay money to place advertisements, which means money for the developer. This "money" can be exchanged for goods and/or services, among these goods is this thing called "food". This "food" can be ingested and provide nutrition and sustenance for human beings.
I hate sigs.
The CoolWebSearch (CWS) browser hijacking variants are nasty alright! I have just helped someone get rid of one of these.
It's the first time I've encountered spyware that actually trashes your files. The CWS variant in this case had replaced the Windows Media Player executable with it's own little pet resident trojan. That was new to me. I had to resort to using the CWShredder (contains more info about CWS) and SpyBot Search & Destroy tools to remove all the cruft left on the system - Ad-aware couldn't handle it in this case. Of course WMP had to be installed afresh, so no anti-spyware tool can actually "repair" all the damage CWS variants cause.
I believe the line between spyware and virus is getting blurry.
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
It was a simple - and amusing - idea that an FTC commissioner would be named 'Swindle' - nomen erat omen and all that. It was not an ad hominem attack or an attempt to assassinate Mr. Swindle's character.
(603413 Posties - now with 100% of your recommended daily allowance of Latin!)
I want to drag this out as long as possible. Bring me my protractor.
hmmmmm..... they think the can just pass a law and stop this stuff. "Honey, I bet if we pass a law I can get this monkey off of my computer! Plus, we gain even MORE control over what people can do with their computers. PERFECT!"
Maybe these lawmakers should just throw their own computers in prison. A computer is cheaper to maintain in a cell (no need for food, water, and exercise). Plus *POOF*, their problem goes away. No more adware! Hell no more viruses or evil hackers either! Their computer can be in prison with all the rest of the evil non-violent offenders! They can come visit it when they need to use Word
Hell you can even stack all the congressmans and senator's computers in a couple cells I bet ya! Simple solution. Cost effective!
Really I think that people with that little knowledge of computers have no business passing laws about computers. Ridiculous. Do you take your computer to a lawyer to have it fixed?????
"Congress shall make no law... abridging the freedom of speech, or of the press"
"Don't throw the baby out with the bathwater"
... but I think in this case the baby should've been aborted.
Normally I'm anti-abortion
Servlet v2.4 container in a single 161KB jar file ? Try Winstone
Programs that take all day to install won't be installed. Successful applications will have one installer and a usable, understandable install script. Products that install hundreds of programs that have no perceived value will fail, as they should.
You're clearly speaking for yourself. (I will speak up for myself below - personal opinion follows:)
Personally, I don't want anyone getting my bank account numbers, credit card numbers, tax information, etc. because a couple people who don't do these things don't mind if someone screws around on *their* computer. I will use my own judgment as to what is appropriate on *my* computer.
Basically, I will grant some programs that I trust the ability to "anonymously track bugs" or maybe allow a program like SETI or Mersenne Prime Search. I would be willing to fill out a survey at the time of download, from a web page - not an app running on my PC. I do not expect any ads to randomly come to my PC from the internet. The only company that has a right to do this would be my ISP (maybe), and I would quickly switch. None of my personal information should ever be transmitted without my express consent. Anything else amounts to identity theft or the enabling of such.
Let's go Hurricanes!!! 2006 Stanley Cup Champions!!!
Spammers will always be able to set up shop in a failed state with no police, write a virus/worm that sets up spam zombies and fire away.
As far as spyware goes, if it's in the Eula, then it's not the government's business to stop it. If Eula legalese ofusticates the existance of bundled spyware, then consumers will have to learn which 'brand names' put out software that comes spyware-free if they are too lazy to read each Eula.
As far as viruses/worms go, legislating against them only lets the careless claim victimhood ( such as people who were so careless as to buying software with tons of holes to let them in. Here we see a monopoly that doesn't want to shell out to secure it's products and a public that doesn't want to get a Macintosh because they can't play their favorite games on one. Games continue to be produced exclusively for Windows contiuing the cycle of consumer entrapment. Maybe the government should fine microsoft for every security hole that allows a wild virus to spread as an antitrust measure... ).
The worse these problems get the more the public will demand a change - some will vote with their dollars, others will whine to government. What's needed is a fed-up public that has learned it's lesson about computerized marketing sleaze, not laws.
If it is illegal to write worms/distribute spyware/send spam then only criminals will write worms/distribute spyware/send spam.
If you like to download music files off p2p, but don't want the spyware that comes with Kazaa, then use something else to get your pirated songs. If it doesn't work as well as Kazaa, then consider that all the Gator Revenue might actually be being put back into the Kazaa product. If you think Kazaa is gouging the public, start your own P2P network funded by banner ads and compete. If you'd rather pay a fee to be ad-free, consider buying songs legally for 99 cents each. Geez!
Eat at Joe's.
Basically he is advocating a 'don't throw the baby out with the bath water' approach.
It's hard not to become cynical about the state of US "democracy" when spyware and spam illicit a "don't throw the baby out with the bathwater" response, but the DMCA slides through congress on a greased fast track.
Stop-Prism.org: Opt Out of Surveillance
The FTC is simply parroting the current administration's pro-business rhetoric and defending any possible "entrepenurial opportunities" against regulation. This, coupled with an ethical zeitgeist that is solely focused on technical definitions of legality and not on philosophical defintions of ethical behavior -- basically, how can I rationalize stealing as OK? -- keeps the FTC from treating MOST basically crooked business behavior for what it is.
What surprises me is that only the fringe elements of the computer industry have responded to most spyware for what it is. You don't see anti-virus software makers putting out versions of their product that will remove spyware as well, despite the fact the most admins would pay handsomely for enhanced AV software that would remove spyware. Microsoft has done nothing to prevent too-easy web-based installation of spyware or other techniques to limit secret background apps from manipulating IE, the process table or the registry.
You get the feeling that there's a collective interest in the corporate community as a whole that spyware is somehow desirable; nobody really wants to get rid of it except users and maintainers of computers. Of course in the current ethical environment, it doesn't surprise me that they would embrace the idea of legitimizing bugging a PC for their own profit, against the will of the owner.
I then told one of my friends about it, who introduced me to ad-aware. I updated and ran it immediately and found nothing.
I don't know if it still works like that (and I'm not purposely installing spyware just to find out), but back then I wasn't annoyed at all because it was so easy to remove.
If all spyware worked like this, I would have no problem with it. It's the garbage that installs itself in secret and then periodically changes its filename to dodge spyware detectors that pisses me off.
Member of Orkut? Annoyed with spam?
I hate spyware as much as the next guy, but we can't act like we can regulate and legislate our industry in a vacuum. There's a cost for every law or regulation, and we shouldn't ignore that. And frankly, spyware is not enough of a threat for me to want to raise the lawyer tax.
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
Why in the world is a developmentally disabled 12-year-old allowed to surf the Net unsupervised to begin with? I'm also guessing he's logged in as an administrator? I would not let a normal 12-year-old surf unsupervised. That's just bad parenting.
Actually the law simply states that such software must be very very clear of its intentions when installing and it must offen an obvious method of uninstall. So if you had a legitamite program ie the baby, it could easily follow these rules and not get thrown out. The law simply requires full disclosure and doesn't ban anything.
Nobody is saying they should not make money, we are just saying make money someway else without forcing the user to install legal malware on their system tht they do not know about, but was part of some "nifty" software they downloaded from some email link or web site.
Gator keeps appearing on my system, yet I am not installing anything new. It appears in my cache for IE, traces of it, so it is being installed via an exploit in IE. I do not want this crud on my computer, yet it keeps reinstalling itself. Spysweeper always finds it and removes it, the next day it is back again. KMFSWC = No pity for the SpyWare Companies. Call it what it really is, a legal virus. Unethical, and soon it should be unlawful.
Don't protect the slimeballs of this industry. They deserve to be punished.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
I have a 10 year old brother, and a 16 year old sister who don't know the first thing about staying away from spy/adware i'm constantly cleaning things off their computer half of the time they just click through installers without reading them. and to top it off i'm having to clean it out of a windows ME machine. Right now I'm fighting against a porn hijacker that resets the homepage everytime using a windows help file that keeps reappearing.
Of course no one knows how it got there but it keeps reappearing and manages to evade spybot, adaware and norton. If this isn't illegitamite I don't know what is.
So was it you, your 10-yr old brother, or the 16-yr old sister that was browsing pr0n?
/. uses to create the md5'd unique browser identifier key? It's more useful than a cookie. :)
Does anyone have the code which
+++ATHZ 99:5:80
Was I the only one who read that as "Mozilla Thompson"?
Yes, apparently, I was...
being an independant agency means of few things. First of all, the members of the commission are elected to staggered terms, so Bush could have only nominated 3 members of the comission so far (1 per year). Also, independant agencies can only have a simple majority of either party - if there are already a majority of Republicans on the commission, then Bush would HAVE to nominate a Democrat for the next seat. Finally, if Bush really didn't like what the commission was doing, he could only remove them FOR CAUSE. That means he can't just remove them at will like he can to purely Executive agencies, if he had an agenda like you imply and tried to remove a member, it would be a HUGE political stink.
All that I ask is, if you're going to post flamebait material, at least do your research first. Thank you.
Quidquid latine dictum sit, altum viditur
But of course it won't happen, as the government has been throroughly subverted by business interests.
Don't run IE!
Don't let your friends run IE, don't let your department run IE, just don't run IE!
Of course I'm preaching to the quire here but as spyware becomes more of an issue hopefully everyone else will wake up. Or better yet, maybe since MS is a convicted monopolist someone will force them to include other browsers with a default install.
Yes, this issue is bigger than just web browsers but this is a simple solution to many problems. If this page offered a little more diversity when you look at the "Web Browsers Used to Access Google" maybe MS would be forced to improve IE beyond a patch here and there to something approaching Opera or Mozilla.
Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
I had an oppertunity to drive one of our state representatives around for a weekend. And one of the things that I came to understand is how incredably difficult it is to write legislation, that does what it is supposed to, only does what it is supposed to, is applied by procesecutor's that are too zealous and too lax and is not ripped appart by judges that are too conservative, liberal or senile.
It's kinda like writing a program that has to be bug-free on release, the spec's change constantly and the whole QA department is at a seminar the last week of production.
Slow and careful can be good, it's not like there isn't good antispyware software out there for free. Personaly I use Spybot S&D it's free as in beer, no cost, exceptS donations. You can find them at www.safer-networking.org.
Apocalypse Cancelled, Sorry, No Ticket Refunds
He's right. As long as it is in the EULA, there's nothing you can do about it accept not agree to the conditions for use of the product.
Now the stinky part is that you don't see the EULA until after you've removed the shrink-wrap and can no longer return said product for a refund.
The FTC is off their rocker. What legitimate software out there is unable or unwilling to comply with this legislation? Seems to me that simply notifying the customer of the exact actions of the software and making removal of the software a normal process would be sufficient. When I load software, and it includes components that may contact a website and send information, I want to be told this and EXACTLY what will be sent and choose yes or no to this specifically. A good example is WinAmp. After installation, I was asked to register and decide if I wanted usage information to be sent periodically. Self-correction has never worked with slimy businesses. The good businesses do change so that the distinction is clearer (no good business wants to be seen as slimy). However, the slime won't stop until it is made difficult to impossible for them to proceed.
I was taking one day at a time, but then several days got together and ambushed me. (from a Rhymes with Orange comic)
Windows Messenger Service! What in the hell was Microsoft thinking when they allowed routable IP's to connect to Windows Messenger Service by default.
Seems like every time I thought I had it turned off, some damned windows update would turn it back on. Microsoft must have been paid off by spammers worried they couldn't use Email anymore, makes more sense than they're just that stupid.
Finaly bought a linksys router (which runs on Linux) to make the messenager spam go away for good.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Spyware -- software that piggybacks on other software and masquerades itself as something relevant, hoping you won't notice.
How ironic would it be if the house of reps outlawed spyware, and inadvertently made it illegal to tack "riders" onto House Bills.
IDNRTFA. 0:-)
If crapware is such a problem, then how come I have never accidently installed any of it myself? Geez, people, JUST SAY NO! We don't need laws to keep people from hurting themselves, when all they have to do is Just Say No. Nancy Reagan had the answers to half of life's problems in just three words.
With the exceptions of worms and viruses (which we already have laws regarding) crapware doesn't get installed on your computer without your consent. It's all "opt in" right now. You can't get infected by crapware by visiting a web page, unless you're already running some crapware that you consented to, that downloads and executes foreign code. So what's the big deal?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
-NOT MAKING ORDINARY USERS ADMINISTRATORS! (usually do to laziness because some lame app written for win95 don't work and the 'IT guy' doesn't know how to change a reg permission).
Ok. In almost all cases, not necessary for spyware.
-Centralized, automatic, forced software upgrades.
"CEO Smithley? Yes, this is CFO Barker. Well, I was just working on my Excel numbers for our shareholder presentation, and my machine rebooted when I went out for a cup of coffee and I lost all my work. IT says something about "security holes", and how they won't stop doing this. Can we just get rid of that new CIO? He's been a pain in the ass since he got here."
-Using a "bare minimum to do what I need to do" model for security access
Sounds great. Not real practical except in the presence of competent security admins to define "what needs to be done". Not a lot of those floating around.
-Firewalls that block certain *outgoing* access as well as incoming
Useless, because of the "IE hole". IE essentially has to be allowed free access, and it's easy for applications to request IE to send data over the network. There are a ton of vectors to use.
-Disabling, not installing, etc. software and services that are unneccesary. (again, frequent IT ignorance here. Idiots who don't know anything about software installation other than to select
And you've got everything locked down and then something comes along that needs to use Active Directory. Uh, huh.
-Some modicum of Blocking/Blacklisting/etc. access to sites/services that are known to be nothing but viruses, spyware, etc.
Not a reliable blocking mechanism, and probably done by many companies.
-Education, education, education. e.g. "No Ms. Jacobs, you should not click yes to the Bonzi Buddy installer." or "No, Mr. Harris, you should not type your local network password into that website's Java popup window just because it is asking for it.
I agree that this can be done with some things, but training is expensive, and things that are obvious to someone with years of experience in the computer industry may not be to Joe User.
-A well thought, clearly-defined acceptable use policy that is enforced - including termination for serious violations
Yeah, firing a leading salesman because he clicked "OK" in a Bonzi Buddy dialog is going to go over *real* well with upper management.
There are a couple issues here.
(a) Microsoft has made many extremely poor decisions WRT remote control over the local computer. Outlook hands email off to a full-blown HTML renderer, MSIE allows to be communicated with in many ways, is tied tightly into the OS, allows popups, has been used to push ActiveX and the like. Windows runs a number of network services out of box (and Microsoft treats the solution to the exposure of their poorly-designed-from-a-security-standpoint set of on-by-default Windows networking stuff as IP-based firewalling). Many folks are stuck with this (barring something extreme like switching to Linux, which is frequently not an option). A quick change to some policy will not fix these problems.
(b) Spyware vendors are smart and computer systems are complex. I won't bet on the ability of Joe User to avoid being gulled by SpywareCo programmer Mike Assmunch.
(c) Windows does not provide good tools for analyzing what programs are doing. Linux does not provide good easy-to-use tools.
(d) Personal computer OSes (Windows, classic Mac OS) are designed around easy configuration and administration by users rather than operating like a kiosk.
(e) Users value features and performance over security (which is really hard to see and measure, anyway...most people that "sell security" in a way that can be understood by the end user are selling the illusion of security -- personal firewall vendors, Verisign in general, etc)
May we never see th
Since when does a gov't agency care about harming legitamet industry?
Given the track record for technical knowledge of our goverment representatives (DCMA, CSS), I appreciate a little push-back from the FTC before everyone stampedes off to draft new laws, and way overshoots to a conclusion like "all software that communicates over a network is bad".
With the single exception of SPAM (because it is abusing the persistent naivite of the oldest network service ever), I think less legislation over new technology is more in the interest most people here, at least in the short term.
Usage: fortune -P [-f] -a [xsz] Q: file [rKe9] -v6[+] file1
I despise spyware, pure and simple. I work for an ISP, and the MAJORITY of people who can't get on the internet are infected with spyware. To me, spyware is the trojan horse (pun intended) of software. It is much more dangerous than a virus, because most people know what a virus is and can act accordingly. However, if you tell the average user that they are infected with spyware, they are going to be clueless A.)About what spyware is. B.)How to remove the spyware. C.)What program to use to remove it, which is EXTREMELY dangerous because there are so many spyware removal programs out there that contain spyware themselves. D.)That they actually have to do maintenance on their machine and clean it off at least once a month. I tell the user this and they go "why? is there any way to just stop it from coming in?" A lot of them say "shouldn't this be illegal?" I say yes, it should be, but it isn't. Spyware is a huge burden upon consumers and corporations alike. I say burn the creators houses down and string them up by their balls.
Listen to my experimental-industrial-techno!
You have no idea how ignorant this is. This "password safe"- do you REALLY think it's secure? Not by a longshot. One of the pieces of spyware that comes with your wonderful little program reports those passwords back to the company, and your wonderful little program- guess what? One of the easiest to hack that there is. Keep thinking you're safe. See what happens. Also, you sound like a damn ad for spyware. Knock it off, troll.
Listen to my experimental-industrial-techno!
Dear lord, thank you, someone that knows what they are talking about. I would much rather PAY for content than have to deal with this annoying infestation. I'm a gamer, and I also do video/audio encoding and sound production. I need every last little CPU cycle that I can get, and when something infringes upon that, I get PISSED.
Listen to my experimental-industrial-techno!
"Many can be uninstalled just by using the Add/Remove Programs tool. If so many people want to take it off, how come I find so many computers where it could be removed with a few clicks, and isn't?" This just is not true. The majority of spyware can't even be found in Add/Remove programs. "I can monitor what data a program on my computer accesses. It's not real easy to sift through all that information, but it's available if I want to use it. My firewall blocks outgoing transmissions unless I authorize them. I honestly don't care if there are a million programs on my PC spying on me, because the information doesn't leave my computer." You may be able to stop it from going out, but what about the resources that this data mining and pop up ad serving are stealing from you? And don't just say "well, I have enough to spare". That might do for the average user, but what about the people that actually USE their machines, and care if they have this crap installed? "I don't think it gets any simpler than that. That's the sort of laws that we're looking at. Either they're going to have loopholes so the intended software can get around them, or they'll be so broad as to outlaw all data transmission over the internet." Not necessarily true. What they need to do is to leave it up to someone who actually knows what spyware is and how it functions to come up with the basics, and have that person work in conjunction with a lawyer to iron out any loopholes.
Listen to my experimental-industrial-techno!
-----
Then you should be able to sue
-----
And you can!
For a $5000 retainer fee I will be happy to file the initial paperwork. I am part of an organization which is certified in all 50 states.
E-mail me with your contact info and we'll work out the billing arrangements. Once I have the $5000 retainer fee I'll file the paperwork with the appropriate courthouse and I'll keep you posted on responses from the judge and the defendant's attorneys.
+++ATHZ 99:5:80
-----
I can monitor what data a program on my computer accesses. It's not real easy to sift through all that information, but it's available if I want to use it. My firewall blocks outgoing transmissions unless I authorize them
-----
Just how difficult is it for a questionable application to get IE to conduct it's transactions in the background? We all know that processes can be running without having a friendly little icon in the taskbar. Would you ever notice an extra instance of explorer.exe that was called by some underhanded program?
No. You wouldn't. And your firewall wouldn't notice it either.
+++ATHZ 99:5:80
Have you ever wondered where that term came from? Well, the old farmhouses in the south (and maybe other parts of the country/world) had a shelf on the back porch where the large pan for washing dishes and babies resided. After the washing the pan was emptied onto the ground beside the porch. There was no grass there, generally. I assume that at least once in the past, some poor baby cried out too much while being bathed. You know the rest. I sometimes wonder how I got all these bumps on my head. My brother's head is smooth.
The future of advertising
Your home - In the near future
You are awakened in the middle of the night by the sound of the radio. You roll over and slap the alarm but the sound continues. You realize that it is coming from across the room and, instead of music, it is actually an advertisement for an enlargement pill. You stagger across the room and find a tape recorder glued to your wall.
As you turn off the tape recorder, you notice that a poster has been hung on the wall advertising a low-interest credit card. While staring in amazement at this poster, you hear another tape recorder blare to life out in the hallway.
You walk into the hallway to find this new racket. Switching on the light you discover posters hung every few feet on the walls, all advertising different products or services. In between each poster is a tape recorder. You turn off the tape recorder making the noise and another springs to life in the kitchen.
Swearing, you storm into the kitchen to find the same pattern of posters and tape recorders and even a flashing neon light attached to your window. As you turn off the tape recorder in the kitchen (and another starts up on the opposite side of the room), you notice that someone has pried open your back door.
Frightened now, you rush to the telephone to call the police. You pick up the telephone and dial 911. You put the receiver to your ear to speak to an officer, but instead you hear "Thank you for calling the all-night adult intimate chat line. Your phone bill will be charged at a rate of $500 per minute". You try again with the same results. You try 0 for the operator and 411 for information and its the same thing no matter who you call.
Horrified, you rush into the garage past a tape recorder asking if you are fat and a blinking neon sign declaring you to be today's winner. As you approach your car, you see that it has been spray painted with the address of a child porn web site.
You drive to the police station listening to an actor on the radio explain how you too can become a millionaire is just three weeks. You can't turn off the radio and the same thing is on every station.
You explain the situation to the police and they follow you to your home. You show them the crowbar used to bust open your back door. You show them the posters super glued to your wall. You point to the tape recorders scattered across the house.
The policemen take a few notes, then begin to leave. Confused, you ask them where they are going and they say "Sorry buddy, but there's nothing we can do here."
"What do you mean?" you ask. "Look at my house! Someone broke in and glued advertisements all over my walls."
"I see that. Unfortunately sir, no crime has been committed here."
"What do you mean no crime has been committed!? Look at this mess!"
"Yes sir, I see that. Unfortunately our government has decided not to make this sort of thing illegal. Instead, they have asked the advertising industry to regulate themselves and to follow 'Best Practices'".
"Best Practices?? What the hell does that mean? How can this possibly be legal??"
***
Internet advertising companies are out of control. The story above is fiction, but only in that I substituted a home in the place of a computer. What happened to the unfortunate individual in that story is exactly what is happening to countless millions of people every day when they turn on their home computers.
The Federal Trade Commission wants the industry to regulate itself. Will the people who distribute the coolwebsearch trojan voluntarily regulate themselves? I think not. To do what I described above to your home is illegal. Why should it be legal to do the exact same thing to your computer?
There are three things that tend to make something "spyware"
1. Sneaky Delivery
2. Secret Collection (of PI)
3. Resisting Removal
Below is a snippet from our Testimony prepared for the hearing. If anyone would like to see the full text, you can find it at www.netchoice.org
To combat spyware, NetChoice sees the following plan of attack:
Any approach to tackling spyware should employ a three-pronged approach of increased enforcement, consensus around industry best practices, and consumer education and empowerment.
Existing laws have teeth
Consumers are already afforded substantial protection against unfair and deceptive business activity conducted over the Internet, including spyware practices such as sneaky delivery, secret collection, and resisting removal. In the words of Federal Trade Commission (FTC) Commissioner Mozelle Thompson at a recent workshop on spyware, "our worst first response is to legislate." An FTC attorney on another workshop panel said that a lack of specific spyware legislation wasn't inhibiting FTC enforcement, and that precise spyware definitions aren't essential since the commission focuses more on "what actually happened" in each case it pursues.
Today, there is sufficient law already on the books that can effectively be used to prosecute spyware offenders. Section 5 of the FTC Act prohibits unfair and deceptive trade practices, and the Computer Fraud and Abuse Act (18 USC 1030) can be used to prosecute unauthorized use of a computer. In late 2003, the FTC obtained an injunction (later overturned) against D Squared, a small company run by two college students, that was serving pop-ups to consumers. The firm served ads using a since-patched security hole in the Windows operating system that bombarded customers with pop-ups and then offered to sell a tool to stop the exact type of pop-up it was sending. The case is scheduled for trial in September 2004.
In 2003, the US Department of Justice (DOJ) pursued a case where spyware was installed on machines at several Kinko's locations in New York City in an attempt to steal names, passwords, and credit card numbers from Kinko's customers. The perpetrator of this scam pleaded guilty to five counts of computer fraud and software piracy in July of 2003.
Market forces will squeeze the spies
Money is the mother's milk of spyware. Spyware firms need cash and the promise of ongoing revenue to cover their development and distribution costs for "innovative" new spyware technologies that can sneak past spyware defenses and collect information that appeals to advertisers. Almost certainly, this "arms race" between spyware attackers and anti-spyware defenders is more technologically complex and expensive than the comparable battle between spammers and spam-blockers.
Spyware vendors could fall further behind in this arms race if significant sources of ad revenue are diverted to other advertising channels. There is real promise in this regard, since the negative stigma of spyware makes it a poor choice for advertisers who want to protect their hard-won consumer brands. Further agreement on industry best practices to improve the notice, consent, and removal of adware products will further stigmatize the most parasitic spyware vendors and the marginal advertisers who support them.
An educated consumer is the best defense against spyware
Finally, consumers need to be better educated about the risks of downloading software, and about the tools and tactics they can use to avoid spyware. In conjunction with more aggressive FTC and DOJ enforcement, consumers should seek and install anti-spyware tools, many available at no cost, to remove spyware and inoculate against future downloads. But installation of these anti-spyware tools won't be a lasting cure unless users are conditioned to obtain regular updates of new spyware definitions and defenses.
A sig?!? I don't think so.....
All of the accounts I've heard from former Vietnam POWs say that everyone broke evetually. Those that didn't break were probably tortured to death and we don't have their accounts. So if he's claiming that they never broke him, in the absence of any 3rd party evidence, then his credibility has already taken a nose dive in my mind. Moreover, if he's equating not breaking with retaining his honor, that's even worse, and is an insult to all the other men who went through hell for years on end.
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
So obvious really. If burglars and thieves would self-regulate themselves, we could have lower crime rates while saving money by reducing the police force! Self-regulated accountants and auditors would ensure that we never hear ill of such outstanding business achievements like Enron or WorldCom. And self-regulation at the government/state level means that nations could go about their own business without interference like Iraq or Afghanistan...
Viola! the Spyware makers will DDoS themselves when all these systems are phoning home.
"Teleporting Rodents with D-Cell Battery Displacement" theory -- IgnoramusMaximus (692000)