Slashdot Mirror
House Passes Another Spyware Bill
SkippyTPE writes "The AP reports that the US House of Representatives has unanimously passed a law criminalizing Spyware. This is the second such bill in two days (the first imposing civil penalties, whereas this bill imposes criminal penalties). Information on the bills (HR2929 and HR4661) can be found here and here respectively."
There is a difference in unnecessary laws, and establishing laws to prevent unethical business practices. Would you like to be egregiously harmed only to be told that, although it should be illegal, nobody has got around to writing a law against what has happened to you, so you might want to go cry somewhere else.
Good Riddance Gator/Claria. The world will truly be a better place, even if our computer clocs are out of date by a couple minutes, or we don't know what the weather is like in Yemen.
Is there a good HOWTO on cleaning up a Windoze box from spyware and keeping it clean? I use the following method:
Install Ad-aware, update, clean, reboot, clean
Install Spybot S&D, update, clean, reboot, clean
Install Spywareblaster, update, enable protection
This method has worked pretty well in the past. In the last couple days, I've gotten infected by some browser hijackers and no amount of cleaning and resetting things will delete the %$#@$$#%ers. Is there a better method?
There is no reasonable defense against an idiot with an agenda
:wq
What about Microsoft?? What about Real.com, and all these others that require you to license their wares, and these wares send user metadata back to the mother ship! what about all this???
I bet because of all the Micro$oft(tm) money(tm) floating round in Washington, this will never ever get addressed!!!
Yup. Another pointless law just to fill lawmakers time up before holiday.
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
Does this mean that the software that the FBI uses to track email in an effort "to fight terrorism" falls under the "spyware" law?
~G
If this becomes law, and a piece of spyware is found to be illegal, who exactly goes to jail? The programmers who wrote it? The stockholders of the company that paid the programmers to write it? The owners of the web site from which a user unwittingly downloaded and installed it? Suppose I determine that I got a piece of spyware from IP address X... is the ISP on the hook for criminal charges too?
Give Congress credit for trying, but I don't see you can realistically make installing spyware a jailable offense.
Seriously, I'm all for anti spyware and anti scam measures, but is this really going to address the core issue? That is, people aren't educated enough to NOT fall for scams? And if they AREN'T educated enough to not fall for it in the first place, what good will the law do?
:D ) is long gone. Incidentally those people who would be fooled by spyware are more than likely those who wouldn't know how to deal with it in the first place (spybot, adaware, or cleaning the system registry manually).
A current example may be those "multi level marketing schemes" like Vector or Pre paid legal (they are really just pyramids in disguise). We've got laws against pyramid schemes, and yet these companies are still around (they call themselves multi level marketing in most cases, just to avoid the legal hassels). The people who actually get caught up in the schemes are those who are a) to stupid or b) to greedy to not realize what's going on; and by the time the person has found out that they have been duped, the perp (I've been watching law and order
And then there's the question of how many people will actually actively pursue a lawsuit against spyware companies. I'm willing to bet that most people will say, "spyware is against the law, the companies can't do that and if they install it on my computer I'll write a nasty letter to them" instead of "spyware? time to sue". Almost like what's going on with spam..
Because if not, every worm writing script kiddie is probably crapping a load right now. The law goes into effect today. If your worm infects someone tomorrow, even if you wrote it years ago, you're hosed.
I hope.
Weaselmancer
rediculous.
Many spywares I've seen are in Windows directories. This may be old hat, but can't Windows do a simple hash or cert check on a file going into c:/Windows or c:/Windows/System to see if it's an "official" or "authorized" file?
A simple message like "Application X is trying to put a file called NOTEPAD.EXE in your Windows/system directory -- this is not a Microsoft file, do you want to allow this?" would suit me.
Goodness knows Windows nags me about a million other things on a daily basis ("Updates ... get your updates!").
Sam
If you can get even a few convictions, then it's not useless. Besides which, unlike with most viruses it's actually possible to track down spyware makers and users, because there's almost always a profit motive, and you can follow the money. It's not easy, of course, especially with the transnational issues, but its possible.
And what's the other option? Some spyware is basically uncleanable (especially the nastier CWS variants), and while it's fun to blame Microsoft it doesn't really help.
one republican member from texas opposed it on the grounds that any govenment control of the internet is wrong check this article
:)
The fellow's name is Ron Paul. He has an interesting position. Though they may not agree with apyware, i think it is a position that i think many here would agree with.
Maybe we should interview him on this site.
The war with islam is a war on the beast
The war on terror is a war for peace
In all seriousness though, what will happen to Microsoft now? Doesn't their EULA give them permission to access your computer and gain administrative rights? Won't this bill make that provision null and void?
Firstly, I'm of the mind that developers should (unless not possible) isolate their entire application to their own directory and only go into c:/Windows only when absolutely necessary. This makes things much cleaner (and is generally the Mac approach, by the way, that's why you can just drag and drop one icon to the applications folder to install something on a Mac).
Secondly, obviously there are times when an application *has* to place files under c:/windows -- in fact, Microsoft implemented a certification program for drivers with XP so now you get warned suring installation if the driver isn't certified for XP. (The is a cash grab by MS, but in their defense they attribute most XP instability problems with bad driver code written by third parties so it's a reasonable undertaking.)
In cases where an app needs to put a file in c:\windows I have no problem with "Call Of Duty wants to install a driver in c:\windows\system -- is that okay?" I'll just click 'yes'.
But I want to be able to click 'no' when "App-you-didn't-even-mean-to-install wants to replace your NOTEPAD.EXE and WRITE.EXE with spyware -- is that okay?"
Sam
Ron Paul (L-Texas) voted for this bill but he was the lone dissenter in the last spyware bill. It would be interesting to find out what was different about this bill (or what poison pill was in the last one).
Don't blame me, I didn't vote for either of them!
the spyware is still being created by or contracted for american citizens. doesnt matter if they operate their scams offshore. they're still under US jurisdiction.
Ah yes, another "fix" from the government. This will change human behaviour, just like prohibition and criminalizing ooh a small section of drugs which aren't controlled by Glaxo Smithkline, oh and murder, but we'll sell guns for... opening beer bottles with, and last time I checked speeding was a criminal offence but how many people get hit with speeding tickets?
Every single person who speeds is a criminal.
I think we now have so many laws that the respect has been watered down. In order to go about their day to day business civillians accept that they have to break laws to get things done.
Humans are incredibly good at calculating risk, we've been doing it since we were chasing the wooly mammoth down a steep incline. People sell drugs because the profit outweighs the risk of getting caught. Note: I said risk, not punishment.
You could make the punishment death by ferrets, but if the risk is low enough, there is no problem.
The punishment for getting hit by a drunk driver while walking on a sidewalk is death. Thats your punishment for being on the sidewalk at the time, but the risk is so low people do it.
It doesn't matter if installing spyware gets you a public flogging if the risk of that ever happening is 1:100000000000). Another well thought out bill.
Whith everyone commenting on whether or not these bills may or may not keep spyware off your computer (Shame on you for not using Linux!), did anyone notice that these bills have an EXPIRATION DATE?! Why?
Good Riddance Gator/Claria. The world will truly be a better place
Yes, but these kinds of laws set a very dangerous precedent for all of us. Putting people in jail for distributing spyware is very irresponsible. Fine them to death so they can't make payroll, whatever, but jail time?
What if the next law throws you in jail for trading music? Or for selling software that conflicts with someone else's very dubious software patent?
Time and again congress has demostrated that it is completely incompetant with regard to information technology. They are ill informed, have no expertise or training with technology, and seem only interested in extending the paradigm of centralized control into the internet. Which is exactly the opposite of what makes the internet great.
The last thing I want to do is defend spyware vendors, but going from discussing a bill to imposing jail sentences in less than a week is scary. These people just seem to love sending people to jail. America has the highest number of citizens in jail per-capita of any country in the world. Applauding moronic laws like this is just giving them permission to raise that statistic even higher.
The government has a defect: it's potentially democratic. Corporations have no defect: they're pure tyrannies. -Chomsky
Clearly, something must be done. This bill is not the answer, but at least they are looking at the problem. I would be surprised if the congess folk are not getting messages from irrate constituents complaining about spyware.
From the Yahoo article:
"People are increasingly finding their home pages have been changed or their computers are sluggish," she said. "Their computers are no longer their own, and they can't figure out why."
Yes, whatever became of the idea that it is my machine, not some marketing cash cow. The EULA should enumerate and describe in no uncertain terms what will be installled, what it will do, and how it will do it. The end user should need to okey each program, not the whole shooting match. If something is going to run on startup in the background, this should be stated and explained. There should be an easy way to stop the process. There should be a simple way to uninstall the evil program and all of its minions in the registry etcetera. Browser hijacking? Just plain illegal. If caught, death is too good for you. This is for starters.
Now explain this:
H.R.2929:
Makes it unlawful for any person who is not the owner or authorized user (user) of a protected computer (a computer exclusively for the use of a financial institution or the U.S. Government, or a computer used in interstate or foreign commerce or communication).........
It is home computers that need the most help in the fight against spyware, not corpoate, bank, and government computers, and unless I am reading this wrongly, home computers are given no protection under the bill. Why is that?
Then there was this quote which I just found amusing:
The chairman of the Energy and Commerce Committee, Rep. Joe Barton, R-Texas, said Goodlatte's anti-spyware bill was preferable because of its criminal sanctions, and Barton said he will work to combine both proposals for a final vote by year's end.Barton acknowledged that experts had recently found more than 60 varieties of spyware installed on the panel's own computers. He said all the spyware programs had been installed without the permission of computer users.
While I don't disagree with this, I also thing this is nothing more than a bandaid. The seive that is Internet Explorer is what makes most of this possible. IE gets hijacked and tons of spyway/virus type crap gets installed. I have been banning the use of it at work, but there are some users I just cannot prevent from using it. (my CFO refuses to stop using it?!?!?!?!) When companies are caught doing illegal things, they fine the companies till that *fix* the problem. Well, it's been almost 10 years, and IE has gotten worse not better. The more Microsoft embeds IE into Windows, the more disruptive these virus writers become. They need to mandate MS to separate IE from Windows, and curb it's *automatic usability* features. Fine them till they do it, or force them to remove IE all together and not allow them to make a web browser anymore. (wow wouldn't that break 30 million websites that are IE only hah)
:(
anyway, I'm just ranting because I have to deal with this epidemic daily at work...
Not of they want to sell their spyware-ridden "adware" in the US
This is the bill Philip Corwin, Kazaa's lobbyist, wanted.