Slashdot Mirror

← Back to Stories (view on slashdot.org)

House Passes Another Spyware Bill

Posted by ryuzaki0 on from the federal-pound-me-in-the dept.

SkippyTPE writes "The AP reports that the US House of Representatives has unanimously passed a law criminalizing Spyware. This is the second such bill in two days (the first imposing civil penalties, whereas this bill imposes criminal penalties). Information on the bills (HR2929 and HR4661) can be found here and here respectively."

17 of 285 comments (clear)

  1. More DMCA penalties by Anonymous Coward · · Score: 1, Informative

    "(a) Whoever intentionally accesses a protected computer without authorization, or exceeds authorized access to a protected computer, by causing a computer program or code to be copied onto the protected computer, and intentionally uses that program or code in furtherance of another Federal criminal offense shall be fined under this title or imprisoned not more than 5 years, or both."

    Correct me if I'm wrong, but doesn't this add another 5 years to any penalties assigned for violating the DMCA? (Granted, that only includes violations that use a "computer program or code copied onto the protected computer," but since that covers all conceivable DMCA violations...)

  2. RTFS... by plover · · Score: 5, Informative
    The AP reports that the US House of Representatives has unanimously passed a law

    No, the AP correctly reported that the house passed a BILL. A BILL is not a LAW until it passes through the entire congress and the president signs it. (Remember the Schoolhouse Rock song, "I'm just a Bill"?)

    --
    John
  3. Obligitory by Trigun · · Score: 1, Informative

    Install Linux, don't reboot.

  4. Re:sorta OT by NeoSkandranon · · Score: 3, Informative

    I use Spybot and Spysweeper, as Ad Aware typically only finds trackng cookies and such like as opposed to spyware (in my experience anyway)

    I also make sure to use Spybot's TeaTimer and ActiveX blocker.

    Installing Firefox is a good way to keep it clean ;-) If it's an option at all on the computers you work on, go for it. It also tends to render a LOT of browser hijackers totally irrelevant.

    As for cleaning the hijackers themselves, I'd reccomend googling for the process name if you know it, odds are you'll stumble on an info site with detailed removal instructions

    --
    If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
  5. Re:Maybe another Law isn't necessary by drinkypoo · · Score: 4, Informative

    I hope you were kidding. If not, let me tell you why your idea won't work.

    1. MAC addresses do not propagate beyond a local network segment. They are used only for Ethernet. Outside of a specific physical (or certain types of logical) ethernet network, you'll never see someone's MAC.
    2. MAC addresses can be changed. Almost all hardware allows this, including antiquated Sun equipment from the days when MACs were supposedly etched in stone. Well, they're actually etched into a PROM which can be rewritten.

    If you were kidding, I apologize. If you weren't kidding, now you know.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  6. Re:sorta OT by Greyfox · · Score: 2, Informative
    Try:

    Unplug network cable, install windows, install SP2 from CD, plug in network cable, install your favorite firewall (I like zonealarm), install firefox, install thunderbird.

    That shoud give you a reasonably tight platform to add other spyware detection and cleaning tools. I like to disable several javascript features in firefox too (No popups et al.)

    I don't actually do Windows, but it seems like I've been setting it up for friends a lot lately...

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  7. Re:Maybe another Law isn't necessary by kevlar · · Score: 2, Informative

    You can do no such thing with Javascript. You'd have to have a signed applet or an ActiveX control, in which case the user has to explicitly grant permission to execute (regardless of whether the user INTENDED to grant permission).

  8. Re:Does this mean???? by Anonymous Coward · · Score: 1, Informative

    H.R. 2929 specifically exempts law enforcement activity.

  9. Re:Loophole City by choprboy · · Score: 3, Informative

    It was noted somewhere--NPR, I think--that the typical EULA is measurably longer than the Constitution of the United States...

    It was on NPR, yesterday I believe (but I can't find the link at the moment). The company in question was Gator (AKA Claria), which has a EULA longer than the constitution.

    However, it should be noted (as stated in the interview) that nthis law is completely useless anyways do to the "EULA permission" exception. Two of the biggest proponents of the legislation are WhenU and 1800Solutions... two of the worst spyware/adware companies out there.

  10. Re:Maybe another Law isn't necessary by XxtraLarGe · · Score: 2, Informative

    It's called an Ex Post Facto law. It is strictly prohibited in Article 1, sections 9 & 10 (?) of the Constitution.

    --
    Taking guns away from the 99% gives the 1% 100% of the power.
  11. Re:Maybe another Law isn't nec.: mod parent DOWN by charlesbakerharris · · Score: 2, Informative
    I'm sorry to ask a personal question, but are you nuts?

    Dissection:

    • say to yourself will the world be a better place with yet another law
      Are you saying that we should add no more laws, simply because we have too many, regardless of that law's merits?
    • like Nielsen rating system by which advertisers use to by spots on TV, somewhere there has to be a way to understand what works on the internet.
      Someone else covered this already, but Nielsen pays you, in an arrangement made in the clear and with your permission, and you're damn well aware that you're helping them with their marketing data. They don't take over your TV while you think you're just installing TiVo, and they don't make your TV work less efficiently or steal your credit card numbers. This is a dumb, dumb analogy you have made here.
    • The law bill
      Are we an ESL student?
    • installing tracking devices on someone else computer will be punishable by imprisonment - you will no longer to be able to track logins via cookies
      Even the lowliest n00b on /. knows the semantic difference between a cookie and spyware. It's absurd to compare the two, particularly when you're claiming that the difference would somehow be overlooked in court with any lawyer worth the paper their bar scores are printed on.
    • It is good thing that 10% of the market is either running an alternative browser and/or operating system preventing those infections. But being victimized via email I tend to say that email isn't secure therefore nothing in email can be trusted - thus let the buyer (user) beware. Over the long haul, Darwinism will balance things out and the law will be just a hoop and dance show for elections.
      I would like to point out that each of these sentences has nothing to do with the sentence previous to it, that none of the three is particularly relevant, and that you are clearly way over your head. You successfully pointed out the fact that email can't be trusted - a statement implicit in the fact that a law was just passed addressing criminal activity perpetrated with email as its medium.
      Then you point out that Darwinism balances things out. Have you had children? If so, your statement is invalid. I don't see how these laws, passed essentially unanimously, are going to be a "hoop and dance show" for either party. Would you like to illuminate us on that aspect of your glorious deconstruction?
    Build complete sentences, proofread your work, and don't try to sound brighter than you actually are. These laws are a fine thing. It's easy for anyone to look at anything the government does and go "Oh Noooo!" and think they sound wise.

    Marketing should come without illicit invasions of privacy, hijacking of personal resources, and the aggravation of an often-painstaking removal process. If it has to "come from somewhere", as you stated, it should come from a place that has some moral and ethical footing. By your argument, I could break into your cardboard box and check out what brand of cheap wine you buy, if it allowed me to market cheap wine to you more effectively. Removing the ethical aspect, as you implicitly did (whether or not you meant to) is foolish.

    "Will the world be a better place with yet another law?" (I added the question mark for you - I think you might have forgotten it.) Yeah, it'll be a better place with this law. By the time you'd typed those words, everyone who read the article had already thought about it, and most had come to the conclusion "yes, it will." I can think of a ton of laws that would make the world a better place. "Yet another law" is a dumb, dumb way to look at things, on a number of levels.

    You should stick to topics you (a) understand and (b) have something interesting to say about.

  12. Re:sorta OT by Oliver+Wendell+Jones · · Score: 2, Informative

    Mike Lin has a companion program that I also recommend, StartupMonitor. It keeps track of any attempt to add a new item to your startup lists and it pops up and asks you if you really want "evil_gambling_plugin.exe" to run at startup.

    It's kind of like ZoneAlarm, but for your startup processes.

    You can get this and other utilities at his website

    --
    A computer once beat me at chess, but it was no match for me at kick boxing -- Emo Phillips
  13. Re:Maybe another Law isn't necessary by Anonymous Coward · · Score: 1, Informative

    Actually you dont even need to rewrite the PROM to change a MAC address, all it takes is the right ioctl() call directly to the ethernet chip.

  14. Re:Maybe another Law isn't necessary by itsnotthenetwork · · Score: 2, Informative

    True, but it will stop them from doing it after the law is passed. They will not be able to be procecuted for doing it while it wasn't aginst the law. That means that they will not be able to continue.

  15. Re:well and good, but.. by Anonymous Coward · · Score: 1, Informative

    This part:
    To make all Laws which shall be necessary and proper for carrying into Execution the foregoing Powers, and all other Powers vested by this Constitution in the Government of the United States, or in any Department or Officer thereof.

  16. Something no one else has mentioned yet- by celerityfm · · Score: 2, Informative

    Definetly, DEFINETLY try all of the above mentioned things first and as directed AND THEN if you *STILL* can't get it off (and are sick of my all caps), THEN:

    1)Select one of the following spyware removal discussion boards

    http://www.wilderssecurity.com/
    http://forums.spywareinfo.com/
    http://forums.net-integration.net/
    http://www.computercops.biz/forums.html

    2)READ THEIR FAQS THOUROUGHLY

    3)Create an account and post your story along with supporting documents outlined in their FAQ to their board.

    4)Wait patiently and a real life antiscumware security expert will help you.

    The people on those forums hate scumware more then anyone and devote their spare time to helping rid the world of it. They have created custom tools to remove almost all kinds of spyware and with your help will diagnose your particular infection and send you the proper tools to get rid of it.

    These guys are the best so treat them with respect: do your own spyware scans before you bother them. But I think in your case you are qualified to talk to them now :)

    Good luck!

    --
    ...unfortunately no one can be told what The Mat^H^H^HGoatse is...they must experience it for themselves...
  17. Re:sorta OT by Anonymous Coward · · Score: 1, Informative

    This isn't too far from the truth.
    I'm a freelance IT professional that is making a butload off of this crap. I hate it, but I do like the money it makes me, but I really feel bad for the victims.

    It has gotten so bad and wide spread that even the above mentioned programs do not get them all. I hazard to guess that Spybot, Ad-aware, etc get about 70% coverage. There are times when an complete nuke and re-install is the quickest and cheapest solution.

    Even running Norton, Trend, McAfee, etc. I still have to check the HKLM(HKLU)/Software/Microsoft/Windows/CurrentVesio n/Run and even some older obscure startup keys such as .../WindowsNT/CurrentVersion/Load:

    Dir /a /od *.exe
    Dir /a /od *.dll
    dir /a /od *.bat
    or
    dir /a /od *.*
    in %systemroot% and %systemroot%\system32 may surprize you.

    The other day I found a critter called O.bat and a text file called O
    O.bat launched ftp O
    of course O contained all of the necessary commands to feed the ftp program to download 5 various spyware programs, and when finished the O.bat file executed them. Each putting icons on the desktop poping up more windows.
    These hijacked the IE browser and placed 100s of entires in the hosts file to common sites. So even after running spybot and ad-aware and it found and destroyed the 5 programs, it did not fix the hijack in the browser or the hosts file. so when a hacked URLSearchHook was issued due to mispelling, or typing in a legitamate site because of 100s of mangled entries in the hosts file it would re-run the O.bat file and start all over again.

    In addition to this one is finding a long list of files like:
    dkfjggdf.drf
    hgtretgf.jyt
    sfdghfgj.fgh
    d 4tghdbf.dhg ...etc
    and a hidden ini file with entries such as [clock] [data] referenceing the example scrambled names, I see this one often and so far I have not found any program that detects it. It is impossible to search for anything on it because it is so polymophic and nothing about it is consistant.
    I delete all of the files with dates around the time they were created and it seems to clean it up, and the pop-ups go away.

    Needless to say there is more this than just running programs to clean this garbage off of your computer.

    If you want to be sure, then the post that got Modded as +5 funny, isn't really funny, and should be informative.