Australian Gov't To Consider Spyware Laws

bernie writes "It seems the US is not the only country with spyware legislation in the works. According to this Computerworld article, a bill outlawing the 'harvesting without consent corporate or personal information via a Web site or with software applications for marketing purposes will be classified as 'spyware'' and is set to go before parliament later this year. In addition to making all 'spyware' opt-in the bill will cover 'malware' such as viruses, trojans, and worms. Interestingly, the article cites lack of 'international cooperation' as a barrier to effective enforcement of cyberlaws. Also included is a statement from the EFF that it 'would like to see a more serious effort made to use existing laws against unfair trade practices, misrepresentation, computer fraud and abuse, before new technology-specific laws are passed'."

To repeat:

[swordboy]

Unless the Australian government has jurisdiction in foreign countries, this has the same affect as spam laws:

The assholes just relocate to another country.

Re:To repeat:

[Techguy666]

That doesn't mean that governments should just give up and not make these laws. Enough of these laws get passed around the world, those who intentionally wish to violate these laws will have no place to hide.

After the laws are passed, even if a few second or third world countries allow spyware / spam creators to work in their countries, the countries with spyware/spam laws can form a "coalition of the willing" and blackhole violating countries altogether until they comply and pass similar laws. (Wow, even Bush can serve as an educational example.)

Regardless of the politics of tossing entire countries into a blackhole filter, the point is that inaction allows spammers and spyware creators to breed.

Re:To repeat:

[eggoeater]

Yup. And the people who make this crap (like that stupid monkey tool bar...) will just change the EULA, that all my relatives just click through, giving them permission to harvest info and install more spyware without further notice.

Re:To repeat:

[L.+VeGas]

..even if a few second or third world countries allow spyware / spam creators to work in their countries, the countries with spyware/spam laws can form a "coalition of the willing" and blackhole violating countries

Hey, it worked to keep out drugs, didn't it?

Oh, wait..

Re:To repeat:

[stanmann]

Difference is people want drugs... Drugs are fun... SPAM isn't.

The best part

Users will be required to install the Australian government's spyware to make sure other spyware isn't installed.

Good!

[suqur]

The more spyware/malware laws we get the better. It's so frustrating trying to use a computer with tons of spyware and spyware trojans. Ugh. And they say the average PC has 28 spyware programs running on it! This needs to stop.
It took me about 8 hours to clean out a friends computer the other day. He had about 15 viruses all installing spyware daily.
Here's some suggestions for cleaning your computer:

Grisoft's AVG Anti-Virus Free Edition - this is key. Free auto-updates too
http://www.grisoft.com/us/us_dwnl_free.php

Lavasoft's Ad-Aware - run it every so often, and always be sure to update it manually.
http://www.download.com/3000-2144-10045910.html?pa rt=69274&subj=dlpage&tag=button

CWShredder - removes only a few trojans that give you tons of ads, but does a better job of fully removing them than ad-aware.
http://www.spywareinfo.com/~merijn/downloads.html

Spybot-Search & Destroy - Similar to Ad-Aware. You should run both.
http://download.com.com/3000-8022-10122137.html

Re:Good!

[Mz6]

"Spybot-Search & Destroy - Similar to Ad-Aware. You should run both.
Is it really necessary to run both? I've been fine with just Adaware for a while now."

Actually, it's recommended to run both of them. The reason is because they both use different methods of determining spyware. While one may not find/remove a spyware program, the other may remove it perfectly. It shouldn't take much to install and run both nd you are protected that much more. Besides, you can't beat the rpice... right?

Re:Good!

[suqur]

Wonderful Anti-Virus software, but what does it have to do with spyware/malware?

So many people don't run Anti-virus software, and many of these people are the same that open up email attachments they weren't expecting.

There are TONS of trojans out now with the simple payload of installing spyware on your PC.

The PC that I mentioned I worked on recently had over 500 dll/registry keys/executables and bookmarks (not counting another 300 cookies) that were found as spyware. I removed them all with Ad-Aware, and after a reboot, another 150 files were immediately put back by about 15 different trojans.

I consider anti-virus to be a huge deterrent to spyware.

Is it really necessary to run both? I've been fine with just Adaware for a while now.

They both find different things. So yeah, it's good to run both. Spybot also has some nice features to automatically setup your hosts file and other things to block even more spyware.

Re:Good!

[jacksonyee]

Is it really necessary to run both? I've been fine with just Adaware for a while now.

It's not absolutely necessary to run both, just as it's not absolutely necessary to run a virus scanner if you're relatively sure that your firewall will stop most of the viruses going into your network.

However, having two separate programs with two separate databases increases the chance that one particular vermin might escape, since there are two levels of checks against it. What was the last program you used that did absolutely every single thing that you wanted it to do? For me, having two separate programs avoids vendor lock-in and encourages improvement. It's still not 100% secure - nothing is. However, it's a little bit more peace of mind when you go to clean your co-workers' computers off because Internet Explorer gave them more bugs than an open can of Mountain Dew in the summertime will attract.

a legislative idea

[millahtime]

Interestingly, the article cites lack of 'international cooperation' as a barrier to effective enforcement of cyberlaws.

An idea to get international cooperation would be to make it an act of war to get a mail bomb or any other kind of attack. We (in the US) get a couple of these... go knock on that countries door a few times and we'll get the cooperation from everyone we are hoping for.

Adaware

[thedillybar]

Don't think this means you can do without Adaware or some other anti-spyware software. Worms and viruses have been illegal for a long, long time; you still wouldn't let any non-tech-savvy person near a computer without antivirus. It will be a long, long time (probably not in our lifetime) before we can do without anti-virus and anti-spyware stuff.

If these bills cut the number in half I'd be pleased.

Too bad....

[tha_mink]

Spyware. It's nasty. But...(and I hate to say it), I make a pretty good amount of money removing it from client PCs. "Internet Optimizer" and "XXXToolBar" are 2 of the more particular nastier ones I come across. It makes it virtually impossible to use IE. When one finds out what these nasties do and how they do it, one gets surprised that they aren't illegal yet. I am all for making this stuff illegal but I sure will miss the extra income.

I have an idea

Let's pass a law. That always stops people.

How Does This Work

[somethinghollow]

When it says "Click Yes to install if you agree with the EULA." and the user does, what is the problem? People install spyware themselves. It's (at least for the most part) an ID-10T error, not an exploit. Are these governments going to MAKE users read and understand EULAs before installing things? Aren't these people warned in the EULA before they install? Granted, I hate spyware as much as the next, but the worst I've had is DoubleClick cookies that AdAware says is spyware. I just click "No" by default now instead of "Ok" when the "install software" box pops up in IE (at work... never had the problem with Safari at home).

Re:How Does This Work

[WoodenRobot]

Aren't these people warned in the EULA before they install?

One nasty problem with this is the fact that often by the time you get to a page with a EULA, the damn site's installing spyware - and the EULA's something along the lines of "by looking at this page, you agree to be infested".

Yeah, there's a EULA, but it's effectively worthless, and is just a get-out-of-trouble clause for the malware supplier...

Good spyware!?!?

[vijaya_chandra]

?Not all spyware is bad but most is sinister"

I don't get this, can someone suggest a good spyware?
Or is ntpd also nowadays considered spyware??

screen capture utilities used to capture passwords,..
Damn, now I know why all those passwords in our web site's user db are showing up as long "*"s upon decryption

(Karma be damned; I am no better than an AC anyway)

Milk and Cookies?

[mratitude]

What is the legal liability within the WWW community of the standard for setting cookies and other session tracking techniques within this law? It's this relationship between web server and web client that leaves the door open for spyware.

The intent of the law will be to establish the intent of the person using the browser rather than the intent of the web site organization who put up the url. But the web operator doesn't force anyone to click their link and the tools are available to prevent most spyware from loading across the link. Will the legal standing become nothing more than the equivalent of individual intent and unstated permissions?

It'll be an interesting legal question as to where various digital rights boundaries start and stop.

they should have followed New Zealand's lead...

[MariaK]

It would be so much neater to just go the same route for distributors of spyware as some have done for spammers. Release their personal information online along with a description of their offenses and let the outraged masses take care of it. Prosecute fully for any violent offenses, but if the offender is simply driven to cut off his phone line and Internet connection thanks to all the harassment he gets, that'd be fine.

The same approach might be less effective against corporations, but I'd still love to see an attempt.

But will this REALLY stop spyware?

[caffeineboy]

It seems to me that there are two major categories of spyware:

• The kind that tries to be "legit" and actually tells the user (somewhere in the EULA) that it is installing. Claria/Gator is this type.
  
• The kind that doesn't give a damn and installs through known IE exploits and weaknesses (Cool Web Search and Xupiter are like this)
  

The problem that I can see is that type 1, even though it sucks and no sane person wants it on their computer if it were presented honestly, is probably already compliant with these laws because somewhere in the EULA it explains what it is doing. Never mind that even moderately intelligent people just click "OK" as soon as any dialog box pops up on their computer (my fiance still hits "OK" whenever she goes to an encrypted page since she doesn't take the time to read the box and click "don't show this dialog again").

The problem with the second type is that they don't give a damn now and they're not going to give a damn. I can't belive that using exploits to install software is not already illegal somewhere, and many of these type of companies are already out of jurisdiction...

To tell the truth, I can't think of a good way that we will get around this. We have to remove the motive - perhaps prosecuting the people that advertise this way?

Legislation=Trojan

[Potor]

I bet legislation in this area will do nothing to ease the spyware problem, but instead will only act as a trojan increase governmental control of the web.

I know: not a new idea, or particularly interesting. However, I do find it funny to see people applauding legistative solutions to problems on the internet, which is usually praised for being an anarchic forum.

The EFF is catching on

[swb]

would like to see a more serious effort made to use existing laws against unfair trade practices, misrepresentation, computer fraud and abuse, before new technology-specific laws are passed

Here, here -- why aren't fraud and other bad-trade laws used more often? Is it a lack of resources? A cultural zeitgeist that embraces legal-gymnastics and rationalizations as legal compliance for prima faciae unethical conduct? Part of the current administration's pro-corporate/pro-business mindset?

It just seems that as long as you're not outright *stealing*, you can get away with pretty much anything, and it's not fraud. Has this always been the case?