Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. To Impose Spyware Control Laws

Posted by CowboyNeal on from the every-click-you-make dept.

ArbiterOne writes "BBC has the story: A bill has been introduced into the U.S. House of Representatives to control the proliferation of spyware and malware. The proposed bill would force programs to inform the user before installing programs, and require that spyware be easily removed. A study by EarthLink found that the average user has 28 spyware programs on their computer!"

31 of 402 comments (clear)

  1. I wonder which 28 are on my Mac? Oh wait... by Anonymous Coward · · Score: 5, Funny

    NONE!

    1. Re:I wonder which 28 are on my Mac? Oh wait... by Chess_the_cat · · Score: 4, Insightful

      I wonder how many are on my Windows machine? Oh wait, none. It's not that hard to keep spyware off your machine. Goodness. I guess the key is "the average user...". Ah well.

      --
      Support the First Amendment. Read at -1
  2. But what about SunnComm? by The+Importance+of · · Score: 4, Insightful

    Will this bill make it illegal for "copy-protected" CDs to add malware to your computer through autorun? Will they be required to make it easy to remove the malware?

    1. Re:But what about SunnComm? by dsanfte · · Score: 5, Funny

      The term "mal" is French. I cannot believe, as a patriotic citizen, that you would endorse or condone the use of language from the mouths of the Republic's enemies! Traitor! This is not the act of a respectful, honorable, patriotic citizen. You will be punished for this act of treason, let me assure you.

      --
      occultae nullus est respectus musicae - originally a Greek proverb
    2. Re:But what about SunnComm? by DrEldarion · · Score: 4, Informative

      Actually, it's Latin. The French (along with the other Latin-based languages) just inherited it.

  3. Believe it or not... by rd4tech · · Score: 4, Interesting

    I had once to repair a user PC (average Joe's) with about 1447 installed whatnot... (according to adaware) It was taking the darn thing 35 minutes just to boot up and was veryyyy slow when operating. And she was having quite a powerfull machine too..

    1. Re:Believe it or not... by Anonymous Coward · · Score: 5, Funny

      With only 110 less they would have been 1337!!

    2. Re:Believe it or not... by dealsites · · Score: 4, Interesting

      That sounds pretty resonable. On a side note, I bet the PC makers kinda like spyware. After all, it will eventually slow down the average joe's PC, and unless he knows how to remoe spyware, he might upgrade to get a "faster" PC.

      --
      Live deals updated in real time. Over 500 a day!

    3. Re:Believe it or not... by MBCook · · Score: 4, Insightful
      Yep.

      I fix computers for people in my neighborhood. I'm the guy they call when they don't know how to do something, or they got a new DVD drive, or something isn't working. I've seen that happen a few times.

      Just a week ago I was called to help a nice lady setup her new Dell and copy the files off her old Gateway. She bought the computer because she was tired of the Gateway always crashing and being slow and such. Every few minutes a "Explorer has crashed" dialog would come up. I can understand why she hated it.

      So she bought a new Dell. Well, when copying files over I noticed what the problem was on the old Gateway. Tons and tons of spyware. Things loading in the tray, in startup, in IE, chaning preferences, causing popups, everything. She thought the computer was just "old" and was having problems, when it was all the spyware. I told her I could fix it, but she wasn't interested.

      Now the fact is she had other reasons for getting the new PC. She wanted a flatscreen to get more desk space. She had a camcorder and wanted to be able to make DVDs of family movies and other such things. Her old computer would have been fine for her other tasks (like surfing and e-mail and word processing), but she really would have needed a new one to make DVDs and CDs and such.

      But the point is, I can EASILY see tons of people buying new computers due to spyware. If it wasn't for that, why wouldn't Dell and other ship somehting like Ad-Aware on the computers they sell?

      --
      Comment forecast: Bits of genius surrounded by a sea of mediocrity.
    4. Re:Believe it or not... by XryanX · · Score: 4, Interesting

      Can you introduce me to some of your friends?

      All kidding aside, one of my friends got 3 1/2 free hours of tattoo work(~$300 at the price this particular artist charges) simply for removing spyware, running through scandisk and defrag, and taking unnecessary items out of msconfig.

      She ended up getting a Tux tattoo.

  4. Bloody obvious by hattig · · Score: 5, Interesting

    It is a shame that things like this need to be made law.

    I expect that spyware already falls under the Computer Misuse Act 1990 in the UK regarding modification of a computer system without the user/owner being aware.

    As far as I am aware, these bits of software are viruses and should be treated as such. Including the writers of said spyware.

  5. Why use legislation? by Anonymous Coward · · Score: 4, Insightful

    Why is legislation necessary here? this is a problem that could be solved with just a little technical nous.

    Instead, we get another law, pretend it's enough, and find it's as toothless as the paper it's written on.

    1. Re:Why use legislation? by Scott+Wood · · Score: 4, Insightful

      Because, like spam, it is a behavioral problem, not purely a technical problem. System break-ins and e-mail worms can be prevented by technical means as well, but that doesn't mean it should be legal to carry them out.

    2. Re:Why use legislation? by fmaxwell · · Score: 5, Insightful

      Why is legislation necessary here? this is a problem that could be solved with just a little technical nous.

      Fine. You go to 290 million people in the U.S. and educate them -- every man, woman, and child -- on how to deal-with, avoid, and remove spyware. God knows that learning about sypware should be the key goal in everyone's life. The guy investigating prostate cancer online after bad news from his doctor? He should stop what he's doing and take lessons from you about spyware.

      Next, we can get rid of laws prohibiting muggings and just teach everyone self-defense. We can make identity theft legal and just teach people how to prevent it.

      Everyone should not have to know about everything just to avoid being victimized.

  6. It's About Time by Ridgelift · · Score: 4, Interesting

    Once installed, it can redirect web searches, install bookmarks or bombard a user with pop-up ads tailored to other search terms. It can also drain computing power, crash a machine and, in the case of the most malicious spyware, steal confidential information

    A friend of mine works for a technical call center for a large US hardware manufacturer. The contract he works on is supporting notebook computers.

    A customer recently called in because his computer was running slow. After installing and running ad-aware and spybot, the customer had over 4600 spyware programs. Yes, you read that right, over 4600 spyware programs. It's a miracle that thing ran at all.

    Legislation to curtail spyware is long over due. An operating system that is resistant to spyware is already available, and it ain't Windows.

    --
    Ruby on Rails Screencast
  7. I have to ask... by Motherfucking+Shit · · Score: 4, Insightful

    Why is it that the Beeb has the scoop on a pending US bill, before I can find this story in any of the major US media outlets?

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  8. correction by bl8n8r · · Score: 4, Insightful

    The average WINDOWS machine has 28 spyware programs on it.

    --
    boycott slashdot February 10th - 17th check out: altSlashdot.org
  9. IE of course by simetra · · Score: 4, Insightful

    It would be interesting to see what percentage of these "victims" used IE as their browser exclusively. I only use IE for sites written by fanboys which require IE. Otherwise, I use Opera. For kicks, I ran spybot on my pc at work and all it found were about a dozen cookies. The techie who suggested doing this says that the typical pc on our network has anywhere from 20 to 50 bad things. Go figure.

    --

    "Would it kill you to put down the toilet seat?" -- Maya Angelou
  10. A step in the right direction.. by Anath · · Score: 4, Funny

    It is, but I can't see it being useful.

    Unless it contains decent punishments of course, like say.. Dragging the Spyware foisting bastards out into the street and shooting them in the back of the head, or some sort of testicle electrode device (like a "home detention" prisoner, goes off whenever the spyware "calls home")

    --
    The earth is 98% full, please delete anyone you can!
  11. How did Earthlink conduct this "survey"? by setzman · · Score: 4, Insightful
    A recent survey by the US internet provider Earthlink found that the average computer was packed with hidden software, such as cookies tracking online habits.

    It uncovered an average of 28 spyware programs on each PC scanned during the first three months of the year.

    How exactly was Earthlink able to detect the installed spyware? Tracking outgoing requests that were related to known spyware apps? Or did they allow users to run software that reported back to Earthlink for this survey?

    --
    C:\>
  12. Re:I'm just a bill on... by autiger · · Score: 5, Informative


    H.R. 2929 Safeguard Against Privacy Invasions Act sponsored by Mary Bono.

  13. Google's position paper... by LostCluster · · Score: 4, Informative

    It's been on Slashdot mentioned before, but a good starting point for this kind of legislation is Google's Proposed Software Principles defining what honest programs should be doing.

  14. a lot of spyware already 'informs you'... by seibed · · Score: 5, Interesting

    a lot of spyware already 'informs you'... its just that the average public just clicks right through all of the legal stuff anyway.

  15. And what will it help? by klingens · · Score: 5, Funny

    I am sure this new law will be a overwhelming success story like the recent CANSPAM act.
    And now excuse me, I need to clean my Inbox again.

  16. Possible method of identification and removal by willith · · Score: 4, Interesting

    I deal with a lot of spyware/adware at work, and one of the big problems is that the user usually has no idea why the advert windows are popping up, nor from where they're coming.

    I'd love to see spyware makers be forced to provide a small link at the bottom of *each advert window* that says something like, "This advertisement is being shown to you by $NAME_OF_PROGRAM. Click here for more information." Then, you could click the link and be taken to a page with a brief description of what the program is and what it does, and how to remove it. If it was installed because you installed KaZaa or whatever, it should say so there, too.

    Perhaps I should torture myself further by dreaming up more completely reasonable but totally impossible things...

  17. Definition of spyware by God!+Awful+2 · · Score: 4, Insightful

    Do they mean 28 actual spyware programs? That seems pretty hard to swallow. Or do they mean 28 tracking cookies (which are OS independent).

    -a

    --
    /. users can't
  18. Since You Asked... by reallocate · · Score: 4, Informative

    First, the BBC doesn't have a scoop. I've been reading about the story for days. This piece is almost certainly a pickup from Reuters or another agency. (If it was a Beeb piece, the story would have a Beeb byline.)

    Second, you haven't seen it on the evening TV news because it isn't that much of a story. The bill, one of several on the same issue, made it through one House subcommittee. If it passes and is signed into law, then it might merit mentioning on "major US media outlets?.

    If spyware wasn't in the news this week, you'd likely not be seeing this story get any play at all. The story is, in fact, getting play because it make a nice sidebar for the other story this week about most PC's being infested with dozens of spyware programs.

    --
    -- Slashdot: When Public Access TV Says "No"
  19. Removing Spyware - a Primer by Fourmica · · Score: 5, Informative

    I'm head desktop geek for a publishing company in the United States, and I spend more time dealing with this crap than any other single problem.

    I've been getting asked quite a bit lately what exactly it is I do when I clean up someone's machine. The problem is, while some of my techniques are easily documentable, alot of it comes from just eyeballing the situation and figuring out what doesn't look right.

    I watch the Slashdot threads regarding spyware often and, until recently, have merely lurked. Today I registered, so I can share this with everyone. It may be a bit off topic, but let us be real - legislation isn't going to take care of this problem anymore than it has spam. Some of you probably know all this already, but I hope that those who don't get some use out of it. Obviously I can't take any responsibility if you screw up your computer, so be careful out there!

    Note: Use Mozilla or Firefox. Not using IE will prevent 99% of all spyware infection. I highly recommend it, for yourself and your friends and family. This is the number one step you can take to prevent spyware and hijacking, as well as preventing weekend trips to the inlaws/cousins/siblings to clean up their infected machines :-)

    What is Spyware?

    Spyware, Adware, Malware, Crapware, Roachware (because just when you think you've gotten them all...); all of these terms refer to a virus-like category of software which is placed on a computer for the purpose of generating revenue, usually either by displaying popup ads, redirecting search requests from within the browser, or collecting demographic information.

    The programs themselves can end up in a number of different places:

    - As an item in the Run key in the registry (the listing of startup programs you
    see in MSConfig) - Specifically,
    HKEY_LOCAL_MACHINE\Software\Microso ft\Windows\Curr entVersion\Run or
    HKEY_CURRENT_USER\Software\Microsoft\Windows\C urre ntVersion\Run

    - As a Browser Helper Object (BHO), a class of ActiveX control originally designed for extensions to Internet Explorer, such as Toolbars. The Google Toolbar, Yahoo! Companion, and Acrobat Reader plugin are all examples of BHOs

    - As a link, EXE or DLL file which is placed in a URL, such as a default Search URL or the Home Page. IE uses a set of URLs to control its automatic search behavior. When these URLs are triggered - or the home page is opened - either the page is opened containing ads which the URL is designed to impress, or the EXE or DLL is called to generate popups, verify it is still installed, etc

    - As a registered DLL which is loaded on startup as an operating system component (Nasty!)

    For the executable files loaded on startup, these programs - in addition to their main ad generating function - will generally check to see if their components are still properly installed, and if they are not, they will reinstall themselves. This is why you will often see spyware mysteriously come back after you think you've succeeded in removing it.

    Many of these programs will also alter Home Page and Search URL strings, so that every time the browser is opened or a search takes place, an ad impression or page hit is generated by the program's controller.

    The nastiest of all these programs will have more than one process running at any given time, watching its companion processes - so that if you kill one, its partner launches itself again. It's like Whack-a-Mole, but without the cheap prizes they give you for tickets.

    Most of this stuff gets installed piggyback with things like Comet Cursor, browser "skinners", various toolbars, downloadable games, etc. The nasty ones, however, will use security holes in IE to install themselves without the user having any clue. Others act as "gateway programs" - once one of them gets on, the others get carte blanche.

    Now that you've got the basics on what this stuff is, it's time to look at removal techniques.

    --
    *** formica has quit IRC (connection reset by phear)
  20. Re:Definition of spyware by macdaddy357 · · Score: 4, Informative
    28 programs is reasonable. I am a computer repair technician, and spend every day cleaning up this garbage for people. If you count the cookies, and not just actual programs, then the average user has over one hundred spyware items.

    The common user never imagines that just clicking on a pop-up window, hoping that will make it go away gives someone the right to take over their computer. They don't "get it" that kazaa is bundled with spyware either.

    As for EULAs, even if people did read those things, they are in legalese jargon. No one understands that gabbledegook, so no one can possibly give informed consent to it.

    I see a lot of brand new computers running like a 386 trying to use Windows XP because of spyware. I am surprised more people haven't given up on computers completely. If this new law is as full of loopholes as it seems, then people swearing off computers is still the inevitable result of spyware.

    --
    How ya like dat?
  21. Cool - this will outlaw DRM by Ralph+Spoilsport · · Score: 4, Insightful
    on the order of the crapware^H^H^H^H^H^H^"security features" the music industry insists on plaguing the planet with.

    don'tcha just love it when one hand of Corporate America Chops Off the other hand? It's kind of like watching a slow motion train wreck, or a circular firing squad.

    RS

    --
    Shoes for Industry. Shoes for the Dead.
  22. Man, I hope you're right but thing you are wrong by gone.fishing · · Score: 4, Interesting

    A good portion of my day is spent dealing with spyware. I've noticed that in the past several months it has gotten worse, in some cases far worse.

    A law in the United States will only affect those companies with a legal presence in the United States. Many, many companies that offer software aren't in the U.S. Even if the law is effective on companies here, it will just migrate to somewhere that it isn't regulated and those Kaaza type companies will still be immune.

    While I hope you are right, I think that you are wrong and I guess that my attitude is that it is probably better dealt with using technology than laws. The loopholes in technology are easier to close.

    My ideal solution would be a system that would detect all types of malware and security threats and know how to fix them automatically. I'd like to see one component be "forward looking" where it would monitor computers and forward suspicious activity to a database that would be used to identify new threats in an almost real time manner. Of course this in and of itself could be considered "spyware" by some (because it would be reporting activity on your computer). But if all of a sudden xyzabc.dll started appearing on hundreds of computers in a short period of time, a human could evaluate it and figure out if it is a threat. If it is, it could be blocked on uninfected machines.