U.S. To Impose Spyware Control Laws
ArbiterOne writes "BBC has the story: A bill has been introduced into the U.S. House of Representatives to control the proliferation of spyware and malware. The proposed bill would force programs to inform the user before installing programs, and require that spyware be easily removed. A study by EarthLink found that the average user has 28 spyware programs on their computer!"
If anyone could provide a link to the bill that is mentioned in the article (which they neglected to even name) it would be appreciated, the article is broad and doesn't go into the technical details that I'm sure ./'ers are interested in.
Distributed proteome folding @ WorldCommunityGrid.org
Team Slashdot - Members:#1 Run Time:#1 Points:#1 Results:#1
NONE!
Will this bill make it illegal for "copy-protected" CDs to add malware to your computer through autorun? Will they be required to make it easy to remove the malware?
I had once to repair a user PC (average Joe's) with about 1447 installed whatnot... (according to adaware) It was taking the darn thing 35 minutes just to boot up and was veryyyy slow when operating. And she was having quite a powerful machine too..
It is a shame that things like this need to be made law.
I expect that spyware already falls under the Computer Misuse Act 1990 in the UK regarding modification of a computer system without the user/owner being aware.
As far as I am aware, these bits of software are viruses and should be treated as such. Including the writers of said spyware.
Why is legislation necessary here? This is a problem that could be solved with just a little technical nous.
Instead, we get another law, pretend it's enough, and find it's as toothless as the paper it's written on.
Once installed, it can redirect web searches, install bookmarks or bombard a user with pop-up ads tailored to other search terms. It can also drain computing power, crash a machine and, in the case of the most malicious spyware, steal confidential information
A friend of mine works for a technical call center for a large US hardware manufacturer. The contract he works on is supporting notebook computers.
A customer recently called in because his computer was running slow. After installing and running ad-aware and spybot, the customer had over 4600 spyware programs. Yes, you read that right, over 4600 spyware programs. It's a miracle that thing ran at all.
Legislation to curtail spyware is long overdue. An operating system that is resistant to spyware is already available, and it ain't Windows.
Ruby on Rails Screencast
Why is it that the Beeb has the scoop on a pending US bill, before I can find this story in any of the major US media outlets?
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
The average WINDOWS machine has 28 spyware programs on it.
boycott slashdot February 10th - 17th check out: altSlashdot.org
It would be interesting to see what percentage of these "victims" used IE as their browser exclusively. I only use IE for sites written by fanboys which require IE. Otherwise, I use Opera. For kicks, I ran spybot on my pc at work and all it found were about a dozen cookies. The techie who suggested doing this says that the typical pc on our network has anywhere from 20 to 50 bad things. Go figure.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
It is, but I can't see it being useful.
Unless it contains decent punishments of course, like say.. Dragging the Spyware foisting bastards out into the street and shooting them in the back of the head, or some sort of testicle electrode device (like a "home detention" prisoner, goes off whenever the spyware "calls home")
The earth is 98% full, please delete anyone you can!
It uncovered an average of 28 spyware programs on each PC scanned during the first three months of the year.
How exactly was Earthlink able to detect the installed spyware? Tracking outgoing requests that were related to known spyware apps? Or did they allow users to run software that reported back to Earthlink for this survey?
C:\>
Again, 90% of the spyware ppl will either find a way around it or trick ppl into downloading it. This is spam in another form.
At least the lawmakers *look* good.
That's conservative.
If you include the cookies and registry entries that number has been into the hundreds for the clients I have been removing spyware, malware and adware from.
When clients asked how they can legally do that, I can only point to the fact that it says so in the obfuscated end user agreement the company bets you're not going to read.
So if this law is passed, just how will it be enforced?
It's been mentioned on Slashdot before, but a good starting point for this kind of legislation is Google's Proposed Software Principles defining what honest programs should be doing.
This is great except for the fact that companies like Claria (aka Gator) will simply buy a politician to say that their "products" are not spyware, and therefore not covered under this bill.
A lot of spyware already 'informs you'... it's just that the average public just clicks right through all of the legal stuff anyway.
Of course, the definition of "spyware" is critical. Legislatures in the past have had a hard time defining computer-related terms without making them too broad (for example, is your web browser spyware? After all, it's sending cookies back to all kinds of web sites!)
Have you read my blog lately?
I am sure this new law will be an overwhelming success story like the recent CANSPAM act.
And now excuse me, I need to clean my Inbox again.
People have on average 28 spyware programs?
holy crap!!
well, at least this is another notch in the belt of opensource.
That just amazes me. I tried a while back to see how easy it was to create one and installed a windows machine and hacked together an easy directx control that installed itself on page load and changed (just for testing) the word "Yahoo" into the word "Shit" and then had fun surfing around on "Shit! mail" and "Shit! autos".. It took a total of about two hours to create in Delphi and I am a unix programmer not a windows programmer.
Just thinking how easy it would have been to make one that replaced 460x80 images with one from one of my servers and this really does not surprise me.
anime+manga together at last.. in real time.
my 84 ?
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
What we really need is an act that would BAN malware, etc. altogether.
Not as if it really matters. This bill, if passed, would only drive malware underground, and it'll be much harder to control. Viruses have been illegal for *years* but we all know how much they continue to plague humanity.
I was doing a bit of a cleanup and secure job on my girlfriend's roommate's comp yesterday and found well over 300 pieces of spyware and malware, not counting legitimately installed adware. I cannot feasibly imagine how this happened, but most of it seemed to be multiples of each kind, and when counted that way the count is down to about 75 different pieces of crap. guh when will people learn??
I'm a little tea pot.
I wonder if this will destroy SunnComm's copy protected CD model? The CD installs software on a Windows machine without user permission to prevent them from accessing it directly. Obviously this can be bypassed with the infamous Shift Key "Hack" anyway, but it works for most people cause they don't know what it is doing in the background. This bill could force SunnComm to get the user's permission to install the software, and even Joe Shmoe could bypass it then.
My roommate's computer had over 50 malicious executables that I had to uninstall... talk about a pain in the butt... *sigh*
A key congressional panel endorsed a bill that would force the makers of spyware to notify users before installing any software on their PCs.
As someone closely involved in the ISP Tech Support business anything that can help eliminate this problem would be gratefully received. I'm not sure this is going to have ANY effect though. 'Legitimate' (if that's not an oxymoron) spyware installers already notify users through an EULA or similar. The illegitimate ones don't care about the law anyway so will ignore this. What we really need are steep penalties for offenders when they are identified.
Oh, users who don't click on any message that flashes in front of them without reading it first would be helpful too.
I only have 0 spywares on my ENTIRE network. :(
This law is probably going to read something like this...
If you make spyware you pay fines or get sued or go to jail or something. Obvious loophole included.
My law would look like this:
If you get spyware on your computer, you are no longer allowed to use a computer.
The logic is that you need a license to drive because driving poses a risk to others. Well, I think the rest of this paragraph is implied so I won't bother typing it. Catch my drift?
The GeekNights podcast is going strong. Listen!
Oh wait... NONE!
28 pieces of spyware on the drive
28 pieces of spyware
Go to download.com get a "Removal app"
29 pieces of spyware on the drive!
But seriously, there are a lot of apps out there pretending to be "spyware removal programs" that are actually spyware themselves. ACCEPT NO IMITATIONS!
10 Bits= $.25
100 Bits= $.50
110 Bits= $.75
1000 Bits= 1 byte
This has only been proposed in one of the two US legislatures. There are a few hurdles to pass before it becomes law, if ever.
Once again, our older and wiser brethren have decided to make laws about issues they certainly know little about. Apparently, someone forgot to tell them that spyware installed by a website hosted in some foreign countries may not be covered under our U.S. law *gasp*. It's really funny how the election process works.
1. Vote for someone who wants to be in office whether or not he/she has any real experience.
2. Watch helplessly as he/she fsck's up your county/city/country for a few years.
3. Loudly complain about how fscked things are.
4. Vote for another schmuck who promises to fix things.
5. Lather, rinse, and repeat.
It's amazing. If companies were run like countries, the entire world would be an economic cluster-fsck. If law makers were actually required to know a little about things like economics, technology, science, etc., they might actually be able to make laws and regulations that actually help the people they are meant to help, and not the companies/special interests they really help.
MT problem: http://www.crookedtimber.org/archives/001832.html Soooo, it turns out that moving a Movable Type blog from one host to another using MT's "Import" facilities works OK -- up to a point. An unforeseen problem is that the MT installation in our old home had a couple of other blogs running on it prior to the birth of Crooked Timber. This meant that archived CT posts on that system didn't have IDs starting from 00001.html --- they started from 200-odd. Posts on the new host do have IDs starting from 1 (or 31, actually, for other reasons). The upshot of all this is that if links to this blog are currently broken -- e.g., if you linked to a CT post from a few months ago from your blog, that link will still bring you to this site, but to the wrong post. That's not good. Now. What I want to know from the MT whiz kids who read this blog is, can this be fixed? ...
I deal with a lot of spyware/adware at work, and one of the big problems is that the user usually has no idea why the advert windows are popping up, nor from where they're coming.
I'd love to see spyware makers be forced to provide a small link at the bottom of *each advert window* that says something like, "This advertisement is being shown to you by $NAME_OF_PROGRAM. Click here for more information." Then, you could click the link and be taken to a page with a brief description of what the program is and what it does, and how to remove it. If it was installed because you installed KaZaa or whatever, it should say so there, too.
Perhaps I should torture myself further by dreaming up more completely reasonable but totally impossible things...
The statistic "the average user has 28 spyware programs" is misleading at least if not plain wrong.
Two reasons:
- The Earthlink study counted certain cookies as spyware. Whether some cookies are spyware or not is debatable. However, cookies *are not* spyware programs.
- The average user is the wrong metric to look at. The median would have been more relevant.
Personally I think most users have a small number of *spyware programs*. But lots of cookies.
It looks like this bill is only designed to protect banks and their own boxes. Better luck next time Average Joe American.
Steal This Sig
28 spyware programs? No, that's not at all what Earthlink said. They did a study counting the number of spyware programs, adware programs and tracking cookies, and found an average of 28 per computer. Someone, either malevolently or ignorantly, decided to trumpet this as 28 spyware programs per PC. Even though the number seems on the face of it absurd (it is), most reporters and Slashdotters don't bother digging in & figuring out what the number really means.
So I don't know if the writer & editor thought it was funny or true, but either way, stating that the average computer has 28 instances of spyware is outright false.
If nothing else (it will be extremely difficult to police, after all), this bill will hopefully increase spyware awareness amongst the average n00b user. While most users are aware of the need for up-to-date antivirus packages, especially after the recent spate of high-profile hits, most are blissfully unaware of programs like Spybot Search and Destroy or Lavasoft AdAware, which I feel are just as critical a part of my security armoury as my firewall (ZoneAlarm) and my AV (NAV).
On a slight aside, Norton AV does include a certain amount of spyware scanning in their latest version (NAV 2004).
Playing poker with a joker and some Uno cards
That was supposed to say (!windows)
I guess that's what the preview button is for. Duh.
For anyone interested, this is the spyware scanner tool that was used by EarthLink to come up with their stats.
The spyware situation on the Internet is really starting to get out of hand. Every time someone asks me to fix their computer, it's loaded down with spyware. I remove it, and then a week later it's full of it again.
The problem lies in several places:
1) Users running insecure operating systems and browsers. This isn't going to change, your average user is going to continue to use Windows and IE.
2) User stupidity. "Hey, that message says there's a problem with my computer, I'd better click 'Yes' to fix it." or "It said I had to click 'Yes' to enter that web site." User stupidity is also not going to change any time soon.
3) The creators of the spyware viruses. I would call many of these programs viruses, because in my opinion, any software unintentionally installed that resists removal attempts is a virus. Even with anti-spyware software, some of these things are a real pain to remove from a machine.
Legislation is a step in the right direction, however it's not going to solve the problem, since the Internet is global. The spyware companies will also find loopholes/small print and other ways to keep doing what they're doing anyway. Writing viruses is illegal, and people still do that on a consistent basis.
The only solution to the spyware program is a targeted campaign to teach users how to recognize spyware and not get it installed in the first place. Combine that with a list of common software that installs scumware (such as RealOne Player) and educational materials on how to install real anti-spyware software (not just more spyware that claims to be), and then we can slowly start to move towards lowering the number of infected machines.
Even if the law works perfectly in this country (doubtful), there's still a big world full of Bad Guys out there, willing to send you shit over the dub-dub-dub.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
Since we all know how technical the majority of politicians are, I can just see them basing this whole bill on the definition of spyware. If you ask any of the companies that make spyware if their product is spyware, everyone will say that it isn't. This is just going to lead to millions of dollars being wasted on deliberations as to the definition of spyware etc.
This bill is just an attempt to treat one problem. Why don't they make an ethical software bill where all software is required to follow certain standards. Don't worry about the user being informed of the reporting of their personal info. There are too many ways to legally get the consent of the user like a 349575 page EULA. Just focus on things like being easy to find and uninstall. This would make all spyware as we know it illegal. Also, require that all software list the legal name of the individual(s) or company that developed the software.
While I think that spyware and virus writers should be summarily executed, we all know that it is better to treat the source of the problem. Do something like imposing a small fine for every piece of software they install on your computer without giving you the ability to uninstall it with less than 10 clicks and no visiting a website (that doesn't exist) to complete the uninstall process. Figure $5 per violation, they'll be out of business in no time.
If I drive fast enough at the red light, it'll appear green.
here - don't know why this link wasn't in the story itself, but if anyone has any questions about those figures, go there.
Stuff.
Using an unnetworked computer is like using a car on your own private race track.
Using a *networked* computer poses a risk to others.
Your law should look like this:
"If you get spyware on your computer, then your Internet connection gets yanked."
Do they mean 28 actual spyware programs? That seems pretty hard to swallow. Or do they mean 28 tracking cookies (which are OS independent).
-a
FULL DETAILS: http://thomas.loc.gov/cgi-bin/query/z?c108:H.R.2929:
Major highlights (and these are some BIG things people):
REGULATION OF EULA's:
(1) LOCATION OF LICENSE AGREEMENT- The terms of such license, contract, or agreement shall be set forth on a World Wide Web page and the mechanism by which the user of the covered computer agrees to such license, contract, or agreement shall be included on the same page.
(2) NOTICE- The terms of the license, contract, or other agreement shall--
(A) include provisions, that are clearly stated and prominently displayed, which specify that agreement to such license, contract, or other agreement constitutes consent to transmission of the spyware for purposes of subsection (a); and
(B) clearly explain the purpose of including the spyware.
REQUIRES COMPANY IDENTIFICATION:
(3) IDENTIFICATION- The name of the person or entity transmitting the spyware, a valid physical street address of such person or entity, and a functioning return electronic mail address for such person or entity shall be included on the World Wide Web page referred to in paragraph (1).
ENFORCEMENT
(a) ENFORCEMENT THROUGH FTC ACT-
(1) UNFAIR OR DECEPTIVE ACT OR PRACTICE- A violation of any provision of this Act or any regulation issued under this Act is an unfair or deceptive act or practice unlawful under section 5(a)(1) of the Federal Trade Commission Act (15 U.S.C. 45(a)(1)).
(2) GUIDELINES AND OPINIONS- In order to assist in compliance with this Act, the Federal Trade Commission may issue generally applicable guidelines and, upon request, advisory opinions with respect to specific types of acts or practices that would, or would not, comply with this Act.
(b) CRIMINAL PENALTIES- Whoever--
(1) violates section 2(c) or the regulations issued under such section, or
(2) knowingly violates any other provision of this Act or any regulation issued under this Act,
shall be fined under title 18, United States Code, or imprisoned for not more than 1 year, or both.
The good ole UK gets a five-hour jump because of the way the shape of the Earth creates night, and human physiology requiring sleep, and human society preferring to sleep at night.... :-)
First, the BBC doesn't have a scoop. I've been reading about the story for days. This piece is almost certainly a pickup from Reuters or another agency. (If it was a Beeb piece, the story would have a Beeb byline.)
Second, you haven't seen it on the evening TV news because it isn't that much of a story. The bill, one of several on the same issue, made it through one House subcommittee. If it passes and is signed into law, then it might merit mentioning on "major US media outlets".
If spyware wasn't in the news this week, you'd likely not be seeing this story get any play at all. The story is, in fact, getting play because it makes a nice sidebar for the other story this week about most PC's being infested with dozens of spyware programs.
-- Slashdot: When Public Access TV Says "No"
Clear IE cache and that will remove a lot of the tracking spyware cookies which show up as spyware. Then the spyware checkers will run faster.
"A study by EarthLink found that the average user has 28 spyware programs on their computer!"
:P
No, the average EarthLink user has 28 spyware programs on their computer
Perhaps some quality folks like Google can offer up a service whereby Joe Sixpack can browse to a website and get his Winbomb box serviced, much like he takes his car to a service station: He pulls up to the website, orders a cleanup/tuneup from the website, website cleans all the crap off his machine, checks his security settings, makes a few recommendations with the offer to do it for him on the spot, shows him a few ads whilst the PC is being serviced and then waves goodbye, telling him that his machine is being rebooted and will be ready to roll after it comes back up.
What is that old adage? When faced with a bunch of lemons, make lemon pie? I forget but you get the idea.
Everything in the Universe sucks: It's the law!
I'm sure it's not 28 spyware programs, but rather 28 things which adaware or spybot finds and there's a big difference between the two. And does that number include tracking cookies? (I wouldn't count that as spyware anyway)
Full body of the bill in question (H.R. 2929), researched here:
HR 2929 IH
108th CONGRESS
1st Session
H. R. 2929 To protect users of the Internet from unknowing transmission of their personally identifiable information through spyware programs, and for other purposes.
IN THE HOUSE OF REPRESENTATIVES
July 25, 2003
Mrs. BONO (for herself and Mr. TOWNS) introduced the following bill; which was referred to the Committee on Energy and Commerce
A BILL
To protect users of the Internet from unknowing transmission of their personally identifiable information through spyware programs, and for other purposes.
SECTION 1. SHORT TITLE.
SEC. 2. FTC AUTHORITY TO REGULATE TRANSMISSION OF SPYWARE PROGRAMS.
SEC. 3. ENFORCEMENT.
"It is a solemn thought: dead, the noblest man's meat is inferior to pork."
You don't think they'd be saving a ton of money on tech support calls for "MY COMPUTAR IS FLOODED WITH POPUPS" if they would put some sensible policies to place to deflect spyware? I'm quite convinced that the money wasted on supporting these people far outweighs the profits they bring in from the odd user who buys a new computer instead of popping in the System Restore CD.
what products I am supposed to buy, since the "helpful" computer won't tell me anymore?
I'm head desktop geek for a publishing company in the United States, and I spend more time dealing with this crap than any other single problem.
:-)
I've been getting asked quite a bit lately what exactly it is I do when I clean up someone's machine. The problem is, while some of my techniques are easily documentable, a lot of it comes from just eyeballing the situation and figuring out what doesn't look right.
I watch the Slashdot threads regarding spyware often and, until recently, have merely lurked. Today I registered, so I can share this with everyone. It may be a bit off topic, but let us be real - legislation isn't going to take care of this problem any more than it has spam. Some of you probably know all this already, but I hope that those who don't get some use out of it. Obviously I can't take any responsibility if you screw up your computer, so be careful out there!
Note: Use Mozilla or Firefox. Not using IE will prevent 99% of all spyware infection. I highly recommend it, for yourself and your friends and family. This is the number one step you can take to prevent spyware and hijacking, as well as preventing weekend trips to the inlaws/cousins/siblings to clean up their infected machines.
What is Spyware?
Spyware, Adware, Malware, Crapware, Roachware (because just when you think you've gotten them all...); all of these terms refer to a virus-like category of software which is placed on a computer for the purpose of generating revenue, usually either by displaying popup ads, redirecting search requests from within the browser, or collecting demographic information.
The programs themselves can end up in a number of different places:
- As an item in the Run key in the registry (the listing of startup programs you see in MSConfig) - Specifically, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- As a Browser Helper Object (BHO), a class of ActiveX control originally designed for extensions to Internet Explorer, such as Toolbars. The Google Toolbar, Yahoo! Companion, and Acrobat Reader plugin are all examples of BHOs
- As a link, EXE or DLL file which is placed in a URL, such as a default Search URL or the Home Page. IE uses a set of URLs to control its automatic search behavior. When these URLs are triggered - or the home page is opened - either the page is opened containing ads which the URL is designed to impress, or the EXE or DLL is called to generate popups, verify it is still installed, etc
- As a registered DLL which is loaded on startup as an operating system component (Nasty!)
For the executable files loaded on startup, these programs - in addition to their main ad generating function - will generally check to see if their components are still properly installed, and if they are not, they will reinstall themselves. This is why you will often see spyware mysteriously come back after you think you've succeeded in removing it.
Many of these programs will also alter Home Page and Search URL strings, so that every time the browser is opened or a search takes place, an ad impression or page hit is generated by the program's controller.
The nastiest of all these programs will have more than one process running at any given time, watching its companion processes - so that if you kill one, its partner launches itself again. It's like Whack-a-Mole, but without the cheap prizes they give you for tickets.
Most of this stuff gets installed piggyback with things like Comet Cursor, browser "skinners", various toolbars, downloadable games, etc. The nasty ones, however, will use security holes in IE to install themselves without the user having any clue. Others act as "gateway programs" - once one of them gets on, the others get carte blanche.
Now that you've got the basics on what this stuff is, it's time to look at removal techniques.
*** formica has quit IRC (connection reset by phear)
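An added example, not part of the original comment: an offline audit of the locations the comment lists (Run keys, BHOs, IE home/search URLs, registered DLLs), run over the text of a `reg export` dump. The sample export, its program names and the allowlist are constructed; the Browser Helper Objects, `Internet Explorer\Main` and `CLSID\...\InprocServer32` paths are the standard Windows locations, assumed here rather than taken from the comment.

```python
import re

# Registry locations named in the comment above, lower-cased for matching.
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
BHO_PARENT = (r"hkey_local_machine\software\microsoft\windows"
              r"\currentversion\explorer\browser helper objects")
IE_MAIN_SUFFIX = r"\software\microsoft\internet explorer\main"
IE_URL_VALUES = {"start page", "search page", "search bar"}
CLSID_ROOT = r"hkey_local_machine\software\classes\clsid"

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _unescape(quoted):
    """Strip the surrounding quotes and undo .reg backslash escaping."""
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def _decode(data):
    """Decode the value types an autorun audit cares about."""
    if data.startswith('"'):
        return _unescape(data)
    if data.startswith("dword:"):
        return int(data[6:], 16)
    if data.startswith(("hex(2):", "hex(1):")):      # strings stored as UTF-16LE
        raw = bytes.fromhex(data.split(":", 1)[1].replace(",", ""))
        return raw.decode("utf-16-le").rstrip("\x00")
    return data                                       # other types: keep raw text


def parse_reg(text):
    """Parse export text into {lower-cased key: {lower-cased value name: data}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)         # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)).lower()
            current[name] = _decode(m.group(2))
    return keys


def audit(keys, known_good=()):
    """Return (category, key, name, data) tuples that deserve a human look."""
    known = {cmd.lower() for cmd in known_good}
    findings = []
    for key, values in keys.items():
        if key.endswith(RUN_SUFFIX):
            # Startup programs: report anything not on the reviewer's allowlist.
            for name, data in values.items():
                if str(data).lower() not in known:
                    findings.append(("run", key, name, data))
        elif key.startswith(BHO_PARENT + "\\"):
            # Each BHO is a CLSID subkey; resolve it to the DLL it loads.
            clsid = key.rsplit("\\", 1)[1]
            server = keys.get(CLSID_ROOT + "\\" + clsid + r"\inprocserver32", {})
            findings.append(("bho", key, clsid,
                             server.get("@", "<dll not in export>")))
        elif key.endswith(IE_MAIN_SUFFIX):
            # Home page and search URLs that hijackers rewrite.
            for name in sorted(IE_URL_VALUES & values.keys()):
                findings.append(("ie-url", key, name, values[name]))
    return findings


# Constructed sample export; every program name and URL below is made up.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundDriver"="C:\\Windows\\System32\\snddrv.exe /tray"
"WebHelper"="\"C:\\Program Files\\WebHelper\\wh.exe\" -quiet"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updchk"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,61,00,2e,00,65,00,\
  78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Program Files\\WebHelper\\whbho.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.example.invalid/home"
"Window Title"="Internet Explorer"
"""

if __name__ == "__main__":
    allow = [r"C:\Windows\System32\snddrv.exe /tray"]   # constructed allowlist
    for category, key, name, data in audit(parse_reg(SAMPLE), allow):
        print(f"{category:7} {name:40} {data}")
```

Real exports are written as UTF-16, so read the file with `encoding="utf-16"` before passing its text to `parse_reg`.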
It's not on your Amiga also... and your point would be?
Does the 28 include Windows XP? Because I'm pretty sure that product activation would qualify as "spyware".
Which confirms what we all already know, that the average computer user is an idiot.
I have, like many here, also been responsible for cleaning many of these ridiculous "marketing tools."
On some level, everyone involved knows that they are performing morally questionable acts. That fact isn't deterrent enough. Many of these programs make great effort to prevent their removal which is pretty strong evidence the authors and distributors are aware that these annoying programs are rejected by the very people to which they wish to market.
A criminal law is certainly needed in order to punish these people who create and distribute these programs. In order to mark a clear distinction between "honest enterprisers" and "despicable bastards" the law must be present to define exactly where the lines are to be drawn between the two. After that, there will be at least one or two people put into prison because of it just as the "too weak" anti-spam laws have.
Consider which is worse? To do too much or to do too little?
To do too much could cause irreversible damage. To do too little is forgivable and correctable.
The proposed bill would force programs to inform the user before installing programs, and require that spyware be easily removed.
Hey guess what - people are already informed when these programs are going to be installed. I'm not aware of anything that requires zero user interaction to install, do you? It's either bundled with some other app (seems like this would still fall inside the bounds of this law) or it's through a popup in IE. So instead we'll have spyware programs asking for user confirmation in addition to IE asking for user confirmation - but what difference is that going to make? People already blindly click on the IE security popups.
So oh well. I guess we'll see if this makes a difference, but it seems that the often very subjective distinction between spyware and legit-ware will remove any hope that legislation is going to solve this problem.
- whm
Do people who write malicious software really tremble any time some delusional congress critter gets it in his head to attempt something like this? Are people really deterred by any (alleged) action taken by ANY government, let alone the US?
Seeing as how well the CAN-SPAM act has been working out, I'm not going to hold my breath expecting great things from this bit of rubbish, either.
Educating the masses on how to protect themselves is the only way to defeat spyware and viruses. (Well, that and don't use IE). But, then again, it's the educated masses that the government fears the most.
Aw, screw it. Maybe they should make you take a drivers test before you get on the Information Superhighway®.
Ryosen
One man's "Troll, +1" is another man's "Insightful, +1".
I've fallen off your lawn, and I can't get up.
I hate to say it but more drastic steps are needed to put even a dent in the spyware/malware problem. All laws can be loopholed and the average PC user will not patch their system against such things. Until someone takes the law into their own hands and starts distributing spyware/malware destruction tools the same way that spyware and malware are delivered, there will never be an end to it. I seriously wonder just how much of the world's bandwidth is taken by spyware, malware and spam. I bet the number would surprise a lot of people.
Taxation on the program, per installation, and a tax on the ads delivered via spyware. While we're at it, maybe a tax on each byte of data sent outbound via spyware. Killing spyware is then a simple act of following the money and taxing the hell out of those who distribute or benefit from it.
Can someone explain why Americans love bashing France, in a manner of history.
I thought the French helped the Americans with their struggle against the UK for independence.
27 pieces of spyware on the average computer? I do computer maintenance as a part time job. That's the very least people have. Usually it's around 200, I've seen it go up to 1500. This bill will do about as much as the CAN-SPAM act. The best way for people to combat spyware is to go Mozilla at the least, dumping win would be the best way.
The EULA is meaningless if the software was installed simply by visiting the web site or clicking on a link.
Abetterinternet is just one example among a vast number of dodgy sites visited by uneducated users.
------
beware he who would deny you access to information, for in his mind he dreams himself your master
the cost of dealing with the support calls, plus customer dissatisfaction (remember, people _never_ blame themselves, it's always either the OEM or Microsoft's fault) dwarfs the extra profits from selling an extra box or two. People don't think: "Boy this Dell is slow, time to buy a new Dell", they think: "Boy Dell sucks, time to buy an Emachines".
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
don'tcha just love it when one hand of Corporate America Chops Off the other hand? It's kind of like watching a slow motion train wreck, or a circular firing squad.
RS
Shoes for Industry. Shoes for the Dead.
he should. Or he should stop bitching, take it to a shop and pay $60 dollars every 3 months when the computer becomes unusable. If I can shell out $60 bucks for an oil change every 3 months (I'm lazy, and I like to use full synthetic), why the hell should a computer user who's willfully ignorant (i.e., he doesn't understand his computer, and he doesn't want to) get by paying $35 bucks once a year to some overworked tech, and never expect another problem a day in his life?
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
The new technology, dubbed Windows XP, also allows content providers to retrieve information from consumer desktops, such as usage patterns, automated bug reports, and passwords sniffed from the user's keyboard. The technology requires only that a consumer plug a computer running the innovative technology into the Internet, and content providers can then locate that computer and send their content, including audio, video, innovative pop-ups, worms, and viruses, to it.
Ad-Aware
Spybot-S&D
Every Windows PC needs these installed, updated, and run at least once a week. You need both: sometimes one will catch something that the other won't. Even then you are not 100% safe. For really nasty Spyware:
HijackThis!
Note that HijackThis! is NOT for joe user! Removing the wrong entry can disable legitimate apps. Also, for IE users:
You could set up tighter ActiveX permissions than this, but doing so would disable Windows Update, which is just as dangerous.
Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
And what will they say?
That the spyware is going to slow their computer down by 20%, or constantly download streaming AVI files to play in a banner window it's about to pop up?
No, it's going to say that it's improving your internet experience. Or is about to give you a better deal on a Florida vacation. Or that it's going to make your life better.
How 'bout legislation requiring that each piece of spyware be registered through some kind of tracking agency that decides if the spyware is actually a piece of software that the person might willingly install?
Who's going to install something that says it's going to pop up banners on your desktop every 3 minutes on the dot? Or something that says it's going to transmit your personal usage information to some corporation so they can send you more spam? Who's going to install something that takes up 30% of your system resources so it can go off like a fucking ape whenever it's raining nearby?
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
No programs required. No messing required. No firewalls/linux gateways required. No spybot/hijackthis/adaware required. No antivirus scanner required.
Its known as Firefox. Use it, love it, never worry about adware/malware/spyware ever again.
This is a stupid law, spyware can be stopped with basic security, what we _really_ need is laws to protect people who write anti-adware software, you should be allowed to infringe trademarks and copyright of advertisers and say "this software will get rid of x and y adware" and the advertising pigs shouldn't have any power to sue you for somehow 'infringing' on their business model, maybe they don't already but I wouldn't be surprised. The same goes for pop-up blockers etc. (and tools in general but that's off-topic)
This comment does not represent the views or opinions of the user.
Why are the users not blamed for allowing this crap to be installed? The age of PC innocence is OVER. There is no reason that users should not KNOW that using computers can be dangerous. Users should at least read enough of the EULAs to see that something is being loaded on their machine. Clicking through EULAs is just as stupid as running mail attachments. I realise that it is possible that some of the malware is 'stealthy' or are cookies, but the vast majority of it is legitimate software in the sense that it DOES require that a user click through a EULA. Why is it that these users are always seen as victims and are not held responsible for their actions?
A good portion of my day is spent dealing with spyware. I've noticed that in the past several months it has gotten worse, in some cases far worse.
A law in the United States will only affect those companies with a legal presence in the United States. Many, many companies that offer software aren't in the U.S. Even if the law is effective on companies here, it will just migrate to somewhere that it isn't regulated and those Kazaa type companies will still be immune.
While I hope you are right, I think that you are wrong and I guess that my attitude is that it is probably better dealt with using technology than laws. The loopholes in technology are easier to close.
My ideal solution would be a system that would detect all types of malware and security threats and know how to fix them automatically. I'd like to see one component be "forward looking" where it would monitor computers and forward suspicious activity to a database that would be used to identify new threats in an almost real time manner. Of course this in and of itself could be considered "spyware" by some (because it would be reporting activity on your computer). But if all of a sudden xyzabc.dll started appearing on hundreds of computers in a short period of time, a human could evaluate it and figure out if it is a threat. If it is, it could be blocked on uninfected machines.
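The "forward looking" component described in the comment above can be sketched as a prevalence-spike detector that queues files for human review. This is an added example, not part of the original comment or of any product; the report format, the thresholds and names such as `find_spikes` and `hosts_without` are assumptions, and all telemetry and hashes are constructed.

```python
"""Prevalence-spike detection over endpoint file reports (all data constructed)."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Sighting:
    when: datetime   # when the endpoint reported the file
    host: str        # reporting machine
    name: str        # file name on disk (trivially changed, so not the identity)
    sha256: str      # content hash: the identity that gets counted


@dataclass(frozen=True)
class Alert:
    sha256: str
    names: tuple          # every file name this hash was reported under
    peak_hosts: int       # most distinct hosts first seen inside one window
    total_hosts: int
    first_seen: datetime


def find_spikes(sightings, window=timedelta(hours=6), min_hosts=100, allow=frozenset()):
    """Queue for human review every hash that reached min_hosts distinct hosts
    within one sliding window. Hashes in `allow` (known updates) are skipped."""
    first_seen = defaultdict(dict)   # sha256 -> {host: earliest report time}
    names = defaultdict(set)
    for s in sightings:
        if s.sha256 in allow:
            continue
        per_host = first_seen[s.sha256]
        # Keep only each host's earliest report so a chatty host counts once.
        if s.host not in per_host or s.when < per_host[s.host]:
            per_host[s.host] = s.when
        names[s.sha256].add(s.name)

    alerts = []
    for digest, per_host in first_seen.items():
        times = sorted(per_host.values())
        peak, lo = 0, 0
        for hi, t in enumerate(times):       # two-pointer sliding window
            while t - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= min_hosts:
            alerts.append(Alert(digest, tuple(sorted(names[digest])),
                                peak, len(per_host), times[0]))
    return sorted(alerts, key=lambda a: (-a.peak_hosts, a.sha256))


def hosts_without(fleet, sightings, sha256):
    """Machines that have not reported the hash: where a block rule still helps."""
    seen = {s.host for s in sightings if s.sha256 == sha256}
    return sorted(set(fleet) - seen)


def _constructed_hash(label):
    return hashlib.sha256(("constructed sample: " + label).encode()).hexdigest()


SPIKE = _constructed_hash("xyzabc.dll")
SLOW = _constructed_hash("slowtool.exe")
UPDATE = _constructed_hash("vendor_patch.exe")
NOISY = _constructed_hash("chatty.dll")
FLEET = [f"pc{i:04d}" for i in range(400)]


def sample_telemetry():
    """Constructed reports: one fast spread, one slow spread, one vendor
    update rollout, and one host re-reporting the same file 500 times."""
    t0 = datetime(2004, 6, 1, 9, 0)
    out = []
    for i in range(150):    # 150 hosts in about 2.5 hours, under two file names
        name = "xyzabc.dll" if i % 3 else "qrs.dll"
        out.append(Sighting(t0 + timedelta(minutes=i), FLEET[i], name, SPIKE))
    for i in range(150):    # same host count, but one new host per day
        out.append(Sighting(t0 + timedelta(days=i), FLEET[i], "slowtool.exe", SLOW))
    for i in range(300):    # legitimate rollout: looks identical to a spike
        out.append(Sighting(t0 + timedelta(seconds=10 * i), FLEET[i], "vendor_patch.exe", UPDATE))
    for i in range(500):    # one machine, many reports
        out.append(Sighting(t0 + timedelta(seconds=i), FLEET[7], "chatty.dll", NOISY))
    return out


if __name__ == "__main__":
    data = sample_telemetry()
    for a in find_spikes(data, allow={UPDATE}):
        targets = hosts_without(FLEET, data, a.sha256)
        print(f"review {a.sha256[:12]} names={a.names} peak={a.peak_hosts} "
              f"block on {len(targets)} clean hosts")
```

Prevalence alone cannot tell a vendor patch rollout from a spyware outbreak, which is why the sketch takes an allow-list and only produces a review queue rather than blocking on its own.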
Why? Malware companies will avoid prosecution exactly the way spammers do- by operating out of a country which doesn't give a flying fuck about US laws.
Please help metamoderate.
There are automated tools that can invisibly install software (that's one of their strengths) that administrators can use to deploy things (automatic patch updates included). Does the bill allow for these?
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
/counts more than 40 *wares on a computer
It's actually not mine, but someone from the place I work. They have a laptop that gets to connect through a regular modem, and for some reason, they weren't a restricted user...
Cookies are used by large marketing firms to track your viewing habits at popular web sites. The spying can only be done if a particular PC's browsing habits can be traced to a particular registered user. It is no different than collecting credit card information, phone numbers, and zip codes at retail stores. However, if you value your privacy (and who doesn't on /.), then you need to reduce the number of cookies your browser (Mozilla, Opera, IE) accepts. IMHO cookies do not CONTROL or FORCE your computer to do anything.
The more insidious forms of spyware such as "coolwebsearch" exploit IE browser holes and redirect your browsing. Microsoft, Opera, and Mozilla coders have been patching lots of different security exploits. Some might argue that Mozilla and Opera are farther ahead in this game.
Have you Meta Moderated t
Hear me out since I don't want to appear extreme.
This legislation will do nothing as EULAs pop up anyway telling them they are part of a "mass marketing service" aka spyware.
I consider these horrible things worms and viruses! They install backdoors, slow down systems, slow network traffic, and cost corporate America tons of money.
I worked at my university in a computer lab last semester and have seen 3 GHz Pentium IV machines turn into 486s, saturate the T3s with traffic, and some even install keyboard loggers just like real virii! Tell me how this is not a worm? What if a student uses a PC for a credit card transaction? A hacker would have everything right there to do real damage.
They are as bad as spammers and I would love to wring my hands around their developers' necks.
It needs to be outlawed. How many people are being hurt financially, individuals and businesses? What is the cost of the damage Claria (formerly Gatorsoft) and DivX are doing compared to worm infestations? Network traffic goes up too. I am sure the telecommunication market and Cisco love spyware too for that reason.
If something runs unauthorized on someone's computer that does damage then it is ILLEGAL in my book and the author should be punished. After all I could be thrown in the slammer for hacking into my neighbor's system, right? Why not a CEO whose products cost hundreds of millions in lost productivity?
http://saveie6.com/
At first glance I liked the idea of a law that requires a program to be easily removed. This would make spyware (and some badly written, but useful software) easier to remove when I choose.
But then I wondered about certain security patches that say, "Once this Security Patch is installed it cannot be removed." I see this with Windows all the time and suspect it applies to other OSs in certain cases.
The law will need to be carefully written to exclude OS patches and the like or we could have a mess.
Remember... ZG9uJ3QgZm9yZ2V0IHRvIGRyaW5rIHlvdXIgb3ZhbHRpbmU=
But where do you draw the line?
Companies who do this shit have lawyers who look for loopholes. After all Gatorsoft could consider Comet Cursor just a simple program with cookie functionality and not spyware, etc.
Tracking should be illegal since EULAs are not legally binding documents anyway. If you want to track fine but not on someone else's CPU cycles.
http://saveie6.com/
Second, a large chunk of spyware does get consent already, to the extent that it asks first, and only installs if the user says it is OK. The problem here is that most users don't read dialogs. They treat any dialog that is not obviously directly related to something they are specifically trying to accomplish as an annoyance and they click on whatever it appears to take to get it to go away.
What is needed is a standardized "consent manager". Any program that wants to install, etc., would invoke the consent manager, which would tell the user what the program wishes to do, give the company's privacy policy, etc. There should also be a standardized set of items to include in privacy policies. The consent manager could be told by the program what the company policy is on each of those, and the consent manager could display those in a table or something, instead of buried in the EULA, and highlight those that differ from what the user desires.
Users might then learn that when they see a dialog from the consent manager, it is something that is important, rather than an annoyance to click through.
In other words, it will make drive-by downloading illegal - if it wasn't already illegal.
In the UK, it is illegal under the Computer Misuse Act, and I'm sure there is an American equivalent of this.
A study by EarthLink found that the average user has 28 spyware programs on their computer!
Yep- 28. And I'm getting $60 an hour to get rid of it.
Lemonade, boys. Make lemonade.
A lot of spyware programs come along with other semi-legit programs and the user IS notified, and they give permission to install, among other things.
While I despise spyware, how can you blame an industry when the users refuse to read the agreements?
Just what we need, more laws that do nothing to help people, only to create a larger government.
---- Booth was a patriot ----
It won't be long before those maggots who make the spyware code it in such a way that removing the spyware (or trying to) somehow 'violates' the Digital Millennium Copyright Act (DMCA).
Don't laugh. I bet they're trying to figure out how to do it right now.
Besides the incorrect assumption that all spyware requires confirmation from the user, your position is the equivalent of saying that date rape via roofies should be legal because if the chick didn't want to have sex, she shouldn't have accepted a drink from a stranger.
Member of Orkut? Annoyed with spam?
Why is everyone mad at the people who write the spyware? They should be mad at Microsoft for writing such a horrible operating system, or the users (who are even dumber) for running it.
They want spyware to be "easy to remove". So what the hell is "easy"? Is it "easy" to go to ControlPanel/AddRemovePrograms and somehow recognize the fact that "Search Bar Pro" is actually spying on you in secret and needs to be removed? Just KNOWING about AddRemovePrograms puts you in the top 20% of all computer users.
The ideas in this proposal are chock full of that kind of logic hole.
By now, it's clear that legislation doesn't "fix" these kinds of problems.
We have experience with trying (unsuccessfully) to use the law to control spam, hacking/cracking, P2P/piracy, pornography, and personal data abuse. In every case, the effect is next to nil.
They say that the definition of insanity is doing exactly the same thing as before, and expecting different results.
This isn't really a personal freedom problem, it targets more of these internet companies that make their money off nothing but putting SHITWARE on your computer, and honestly I wouldn't mind seeing companies like Gator, and UltimateSearch getting their heads blown off.
Great reply
Open Source Sushi
A bill proposed in the house is hardly set in stone. In fact a large portion of bills are thrown out before they come anywhere even close to being a law.
To say that these restrictions are being imposed is an overstatement. At best the above mentioned restrictions are being considered.
Some of you may not realize it, but spyware == business. I do software development, but I run a tech support business on the side. 60% of our work is "we can't stop the pop-ups" or "my computer takes too long to boot". I hate to say it, but there is a small local industry created because of spyware.
Without it, I'd have to put two people out of work. So there is an economic upside.
Maybe you dislike it so much because you have to waste your time removing it from relatives' computers? (Shameless business plug coming up).
We do spyware removal, virus scan, Windows updates, clean out temp files, and defrag all for $25, flat fee. It's done remotely so no one has to enter the home. If you'd actually be interested in this check out www.churtle.com and tell your family members/friends that you're too busy and it's only $25 for someone else to do it.
Thanks a lot for taking the time and effort to write this. As a Linux guy, I do not know these kinds of Windows issues as well as I would like; I have printed out what you have written and will review it for next time a buddy has a computer screwed up by spyware.
:)
I also like the "use Mozilla" comment.
The original H.R. 2929 Summary says: "Directs the Federal Trade Commission (FTC) to prohibit the transmission of a spyware program to a covered computer (one used by a financial institution or the Federal Government)...". In other words, the law would not apply to "the average Joe's" computer. The substitute uses the term "protected computer", but I did not see a definition of that term, or any other indication as to whether the coverage has been broadened to include privately-owned computers or not.
Now this may sound utterly ridiculous, but think about it. 5-10 years ago, fixing Windows machines consisted of getting drivers to work, DLL conflicts, IRQ conflicts, and of course the poorly written Windows versions based off DOS.
With Windows 2000 and XP and plug-n-play, those problems I listed above are gone for the most part. I can't remember the last time I had to hunt down the proper DLL. The only driver issues I've had when installing Windows 2000 was on obscure hardware, which Linux had trouble with as well (on the same machine).
So what is left for IT people to fix? Windows updates, antivirus updates, and running Ad-Aware. All this requires a lot less know-how than which interrupt a legacy NE2000 Ethernet card should be on (it's 11 if I remember correctly ;) ).
What I'm saying is that when a computer went to shit a few years ago, you really had to know what to do to fix it. Nowadays, it's "run this program" or "install this update." That difficult problem solving requirement has gone away. If it weren't for viruses and spyware, Windows 2000 and XP machines wouldn't need much attention and the IT staff wouldn't have work. Face it, once the network is set up and you have a bunch of machines, most of the maintenance is just playing janitor with spyware.
I use Linux now and ironically I'm back to the old days. When a program crashes, it's because I updated the wrong library (think DLL hell) or my nvidia is acting up (it broke after no config changes a couple times, which required a recompilation of the kernel module). I'll admit I get more satisfaction when I figure out the problem and solve it than I did with running Ad-Aware. However if I was hunting down foo.so.4 for 40 computers at my workplace, I'd probably rather go back to running Ad-Aware. One thing to remember is that when you fix somebody's computer who doesn't know much about computers, you get the same appreciation if you recompiled the kernel or removed Gator for the fifth time.
Don't get me wrong, I think IT people who bitch about spyware shouldn't turn around and be appreciative of it, they should just remember how things used to be. If this is the career you chose, you're going to be a janitor half the time. Deal with it.
A recent survey by the US internet provider Earthlink found that the average computer was packed with hidden software, such as cookies tracking online habits.
Last I checked, a cookie was NOT a program.
I mean, look... cookies have been around forever in internet terms. You think someone writing a technology article would have at least known to check on what the fuck a cookie actually is.
Thanks to this article, any Joe Sixpack who reads it is now going to be calling his ISP tech support free line screaming "I GOTS ME COOKIES! HOW DOES I GIT RID OF THEM? YOU PUT THEM THERE, DIDNT YA?!?!?!?!"
Lovely.
Then, after he figures out how to turn cookies off, he'll call back screaming about how his "internat dont work no more!"
double lovely.
Go ahead, ask me again why I'm a misanthrope.
s'wut i sed.
Just the other day, I encountered a Windows PC at work that was infested with NCase, SAHagent and a few other nasties. Ordinarily I would just have installed Linux on it, but this one belonged to a beancounter who needs Windows in order to run Sage, for the benefit of Group Head Office. So instead, I went searching for spyware removal tools. Could I find one that included the source code?
Could I fuck.
So how am I to know that it has done its job, and not simply installed even more spyware, adware and other crap?
I ended up going to PriCey World and buying a copy of Windows XP Home Edition, 'cause Honest Eddy wasn't around with his vanload of paper-labelled CDR's, more's the pity. (Before you say two wrongs don't make a right, I happen to believe copying software is not wrong, so that's still only one wrong.) And this cost A HUNDRED AND EIGHTY QUID! OK, so it wasn't my money, but still ..... Can you believe that? 180 pounds, that's like a week's wages at my old job, for a freaking operating system! And a crap one at that! It's not even fixed the problem, 'cause the damn thing is still going to be just as susceptible to malware as it ever was.
To make matters worse, my boss now has photographic evidence of me installing Windows on a PC, which he can use for blackmail purposes.
Still, once I've got me an assistant to do the donkey work, I'm going to sit down at my terminal and code a functional replacement for all the parts of Sage that we actually use. And then I'm going to take great delight in nuking Windows off the beancounters' PCs {I might need to leave one alone to act as a translation engine, if I can't successfully hack the file formats Sage uses}. And Group Head Office can fucking learn to deal with it.
As far as I am concerned, any operating system that lets a computer get hijacked is unfit for purpose, and Microsoft are guilty of aiding and abetting offences under the Misuse of Computers act.
There is only ONE way this sort of thing is EVER going to be stopped, and that is when it becomes a CAPITAL OFFENCE not to include the source code with every piece of software you ship.
The only comfort I derive from this is that now the average user will have only 27 spyware programs on their computer instead of 28.
023AD01("Child", "Evil");
5 years ago, a spyware program would be considered a virus, the installer a trojan. These days, it's a business model? C'mon, it's installed without telling the user! Does this mean viruses are legal?
CAn'T CompreHend SARcaSm?
an option upon install to simply *not* install the spyware in the first place. If they're telling you it's there, but requiring that you install it as part of the process, one should be able to circumvent the 'easily removable' portion of it altogether, and simply elect not to install it in the first place.
a lot of it anyway. There isn't that much direct latin influence.
,justement, hériter.
In your phrase, candidates for french are:
actuellement, langage, autres, baser
And mr nextlevel:
Patriotique, cité, langage, république,ennemi, trahison, respectable, honorable, punir, acte, assurer, condoner.
Of course we should be talking about Old, and Norman, French. There's your way out...
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
There should also be a law protecting consumers from companies that share customer databases. When I do business with a company I'm exchanging money for goods or services. If they want to expose me to risk and annoyance by sharing my information with third parties, and even those mother fucking "partners", I should be asked first, IN ALL CASES, and have the right to refuse.
Thank you and burn in hell you assholes who disagree with me.
Bah...
Those are the easy money customers!!!
DISCLAIMER:
I don't believe what I write, and neither should you.
There all women? Damn, I gotta join a Mac club.
was two weeks in Philadelphia.
Contribute to civilization: ari.aynrand.org/donate
Earthlink alters the Internet Explorer binary.
Contribute to civilization: ari.aynrand.org/donate
"I'd love to see spyware makers be forced to provide a small link at the bottom of *each advert window* that says something like, "This advertisement is being shown to you by $NAME_OF_PROGRAM. Click here for more information."
Most users immediately close any popups without looking at them. However, I would like to see this simply because I work at a university help desk. This way when I go to remove all the spyware from a machine after the user says "I didn't download anything" I could tell them exactly what they did to get it.
"There are more important things than stopping terrorism. Upholding the Constitution is one of them." - Ars Forumer.
You choose to use MSIE, which is known for its security holes. Even with Sasser, you chose to use Windows, which opens up services to the internet by default. So yes, you chose to let the Sasser worm install itself because you ran an OS vulnerable to it. How about TAKING SOME FUCKING RESPONSIBILITY.
This is the most ludicrous statement I've seen on Slashdot in quite a while. Running an alternative browser is just like stripping out every bit of Windows and replacing it with cygwin?
"Don't like genuine GM parts? Sure, you could use generic ones, but then you might as well completely remove your car's gasoline engine and replace it with a boiler and steam turbine and then compare your performance with other people's."
I'm as suspicious of MS as the next guy... but let's not let Bill Gates bashing degenerate into paranoia.
Sean
There were a few shareware authors who were given the chance to make money even before they found anyone to buy their products. GetRight was one; Opera another. Banner ads was all it was, you see. Very innocuous, and it supports the poor wannabe programmer as the product is improved enough to make sales.
Then for a facile price, the user can get a key to get rid of the hated advertising.
Things were bad enough then, but then bigger money started taking over. Yet the shareware authors stuck with it.
I think we're missing a great point here: the proliferation of spyware is due in part to the cooperation of shareware authors. Which seems ironic, even paradoxical, as one would assume good ethical programmers would be against such practices. Evidently they're not.
I think we have to shuffle some of the blame on the shareware authors. I think we have to pressure them to stop cooperating with these vermin. Without carriers, the parasites cannot survive.
Unless you can prove $5000 in actual damages, installing a trojan horse is not illegal. That means that spyware using MSIE exploits to install is perfectly legal, because there is not $5000 in damages.
If you don't use IE and download stupid little programs that seem suspicious, then you shouldn't have any spyware on your computer. It works for me!
I need a sig.
There is a US equivalent, but it requires $5000 USD in damages or it is not illegal. Yes, that means you could break into someone's computer and delete c:\windows, and it would be perfectly legal in the USA.
If all spyware was like that I'd have no problem with it.
Honestly I wouldn't be surprised if the larger websites start hitting spyware makers for making it look like the advertisements are coming from the websites and not from some covertly-installed program. Surely companies would object to spyware makers "earning" advertisement dollars on the company's content, when all the ill will goes to the company.
Member of Orkut? Annoyed with spam?
You choose to use MSIE, which is known for its security holes. Even with Sasser, you chose to use Windows, which opens up services to the internet by default. So yes, you chose to let the Sasser worm install itself because you ran an OS vulnerable to it.
No, most people did not "choose" anything. They got a computer with IE and Windows and used it. What is a typical person supposed to do? Figure out how to install and use OpenBSD? Learn how to use netfilter/iptables to create firewalls? Write their own OpenBSD equivalent to TaxCut before next April 15? Get the kids a copy of gcc instead of the PC video game that they wanted at CompUSA?
Most people who aren't on Slashdot 24/7 have lives. They don't have time to devote to studying their computer so that criminals can't damage it. They don't have time to become expert on computer technology. They aren't going to learn how to compile new kernels or type cryptic Unix command lines.
How about TAKING SOME FUCKING RESPONSIBILITY.
How about TAKING SOME FUCKING VALIUM? There are plenty of things you don't know jack shit about, but you use them anyway, don't you? Should it be legal to fuck you over any time that you aren't an expert? Should a burglar be found not guilty because you chose to use cheap Yale locks? Should the police come over and tell you to "take some fucking responsibility" if it happens?
I did not read your response when I wrote the prior comment. I assumed that you had taken a parting shot and left. I apologize.