Slashdot Mirror


Congress Debates Anti-Spyware Bill

Spy der Mann writes "An anti-spyware bill could clear the U.S. House of Representatives as early as next week, but there are disagreements on how to define the term 'spyware.' A wrong decision could end up in two opposite directions: Either a law too restrictive for legitimate companies, or a "safe harbor" for some malicious spyware distributors. Could this become another CAN-SPAM?"

180 comments

  1. whisky tango foxtrot by Cinematique · · Score: 1, Insightful

    And they plan to enforce this... how?

    1. Re:whisky tango foxtrot by Rosco+P.+Coltrane · · Score: 4, Funny

      And they plan to enforce this... how?

      One effective way to enforce this would be to render Windows illegal to use across the nation...

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:whisky tango foxtrot by rpozz · · Score: 2, Insightful

      Spyware is like a trojan. Treat it that way. If a company tricks you into installing a piece of intrusive software that monitors the actions on your computer, then they should be punished in the same way as if it was a virus.

      Enforcing this internationally is a bit more tricky though.

    3. Re:whisky tango foxtrot by strateego · · Score: 1, Interesting


      One effective way to enforce this would be to render Windows illegal to use across the nation...


      It's not windows fault that there is spyware. It's idiots who buy products that are being advertised. If you stop buying penis enlargement pills, etc. Spam would stop.

      The same people who buy stuff from spam are the ones that buy everything from Wal-Mart. Then they go complaining that there are no livable wage jobs. Stupid people are part of the problem.

    4. Re:whisky tango foxtrot by 0x461FAB0BD7D2 · · Score: 1

      By passing along a chain letter.

    5. Re:whisky tango foxtrot by Rosco+P.+Coltrane · · Score: 5, Insightful

      It's not windows fault that there is spyware.

      Yes. Most other OSes generally don't let foreign programs run willy-nilly and do things behind users' backs.

      It's idiots who buy products that are being advertised. If you stop buying penis enlargement pills, etc. Spam would stop.

      Spam != spyware.

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    6. Re:whisky tango foxtrot by CSMastermind · · Score: 2, Funny

      Originally posted by rpozz:
      Enforcing this internationally is a bit more tricky though.

      That's what our military is for.

    7. Re:whisky tango foxtrot by wingsofchai · · Score: 1

      In other news..."Bill Gates was quoted as saying 'Really! I didn't design it, I originally stole most of my ideas from Apple!' as he was being arrested for propagating a malicious operating system.

      --
      Reading at high threshold levels is group-think.
    8. Re:whisky tango foxtrot by Anonymous Coward · · Score: 0

      Although I hate windows its real easy to see what auto starts, 2 registry keys and one folder in the start menu. Stupid Users are the real problem. Just like some people shouldnt drive or mate some shouldnt use computers.

    9. Re:whisky tango foxtrot by CnCg · · Score: 1

      Do you really believe that about people voting Democrat with more education? Education tends to lead to income which tends to lead to voting Republican.

    10. Re:whisky tango foxtrot by Anonymous Coward · · Score: 0

      > Just like some people shouldnt drive or mate some shouldnt use computers.

      Oh yeah, just TRY to get legislation for the latter one, buddy. Then again, considering the last 20 years.......

    11. Re:whisky tango foxtrot by Anonymous Coward · · Score: 5, Informative
      its real easy to see what auto starts, 2 registry keys and one folder in the start menu

      Um, no:

      Some info from http://www.nohack.net/methods.htm


      1. Start Menu\Programs\StartUp {English}
        The Shell=Explorer.exe line in system.ini
        The load= line in win.ini Under the [windows] section.
        The run= line in win.ini Under the [windows] section.
        Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run
        Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunOnce
        Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
        Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunServices
        Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
        Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\000x "RunMyApp"="||notepad.exe"
        Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run
        Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\RunOnce
        Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\RunServices
        The [386enh] section of system.ini (this includes the scrnsave.exe= line in system.ini which can be used to run things on your system.
        The [boot] section of system.ini (this includes the scrnsave.exe= line in system.ini which can be used to run things on your system
        The IOSUBSYS folder (drivers load automatically)
        The VMM32 folder (drivers that take precedence over those built into vmm32.vxd)
        config.sys
        autoexec.bat
        winstart.bat
        wininit.ini

      That's 20(!), and I haven't even gotten into stuff like this:

      [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*"
      The key should have a value of Value "%1 %*".
      Backdoor example:
      [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"trojan.exe %1\" %*"

      With such registry entries, the trojan.exe is executed each time an *.exe is executed.

      .. and there are versions of that for .com, .bat, .hta, .pif.

      And of course, "If a trojan installs itself as c:\explorer no run keys or other start-up entries are needed."

      So, quit the BS about " 2 registry keys and one folder".
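
An added example (not part of the comment above or of the nohack.net page it cites): a Python audit of a regedit export plus win.ini and system.ini for a subset of the start-up locations the comment lists, including the `shell\open\command` handler change it describes. All sample data, file paths such as `upd32.exe`, and function names are constructed for illustration; the checked handler classes (exefile, comfile, batfile, piffile) and the `"%1" %*` baseline are this example's assumptions.

```python
import configparser
import re

# Run-family keys from the list above (HKLM and HKCU), including subkeys
# such as RunOnceEx\000x.
RUN_KEY_RE = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)(\\.*)?$",
    re.I)
# File-type handlers whose default open command is expected to be "%1" %*.
HANDLER_RE = re.compile(
    r"^HKEY_CLASSES_ROOT\\(exefile|comfile|batfile|piffile)\\shell\\open\\command$",
    re.I)
EXPECTED_HANDLER = '"%1" %*'
# A string value line in a .reg export: "name"="data" or @="data".
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample export; the exefile line is the backdoor example quoted above.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"updater"="C:\\WINDOWS\\TEMP\\upd32.exe /s"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"trojan.exe %1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

# Constructed sample .ini contents.
SAMPLE_WIN_INI = r'''[windows]
load=
run=C:\WINDOWS\helper.exe
'''
SAMPLE_SYSTEM_INI = r'''[boot]
shell=Explorer.exe helper2.exe
scrnsave.exe=
'''


def unescape(s):
    """Undo .reg escaping: \\\\ becomes one backslash, \\" becomes a quote."""
    return re.sub(r"\\(.)", lambda m: m.group(1), s)


def parse_reg(text):
    """Yield (key, value_name, data) for every string value in a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))


def run_key_entries(reg_text):
    """Everything registered under a Run-family key."""
    return [e for e in parse_reg(reg_text) if RUN_KEY_RE.match(e[0])]


def hijacked_handlers(reg_text):
    """Handler keys whose default command is not the expected "%1" %*."""
    return [(k, d) for k, n, d in parse_reg(reg_text)
            if HANDLER_RE.match(k) and n == "(Default)" and d != EXPECTED_HANDLER]


def ini_autostarts(win_ini, system_ini):
    """Non-empty load=/run= in win.ini; scrnsave.exe= and a shell= that is
    not plain Explorer.exe in system.ini [boot]."""
    watched = {("win.ini", "windows"): ("load", "run"),
               ("system.ini", "boot"): ("shell", "scrnsave.exe")}
    found = []
    for fname, text in (("win.ini", win_ini), ("system.ini", system_ini)):
        cp = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
        cp.read_string(text)
        for section in cp.sections():
            for opt in watched.get((fname, section.lower()), ()):
                val = cp.get(section, opt, fallback="").strip()
                if not val or (opt == "shell" and val.lower() == "explorer.exe"):
                    continue
                found.append((fname, opt, val))
    return found


if __name__ == "__main__":
    for key, name, data in run_key_entries(SAMPLE_REG):
        print(f"RUN KEY  {key} :: {name} = {data}")
    for key, data in hijacked_handlers(SAMPLE_REG):
        print(f"HANDLER  {key} = {data}  (expected {EXPECTED_HANDLER})")
    for fname, opt, val in ini_autostarts(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI):
        print(f"INI      {fname} {opt}= {val}")
```
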

    12. Re:whisky tango foxtrot by Dolda2000 · · Score: 4, Insightful
      Most other OSes generally don't let foreign programs run willy-nilly and do things behind users' backs.
      What OS(es) would that be? GNU/Linux/UNIX? Just place your spyware in the user's ~/.profile.

      Of course, there are many spyware programs that make their way into users' computers through holes in IE/DCOM/SMB/ActiveX/what have you, but the fact of the matter is that the majority of spyware comes with other programs, like Kazaa. That means that the user is willfully installing it. Sure, they may not know about it, but that doesn't mean they're not installing it by their own decision. There's nothing in any other OS that would prevent the user from doing that.

      The reason why there's no spyware on Linux is not primarily that Linux isn't yet as popular as Windows, as many others suggest. The reason why there's no spyware on Linux (yet) is that most people run free software on their Linux systems, and free software developers... well, don't normally bundle spyware with their programs. If or when proprietary software ever gets popular with Linux, I'll assure you that you'll see an increase in spyware for Linux.

      However, mind you that there's nothing inherent in Linux itself to stop it. Any such thing would just prevent the user from doing stuff, and would therefore be hindering users.

      Autopackage has a lot of text on this.

    13. Re:whisky tango foxtrot by Anonymous Coward · · Score: 0

      but the fact of the matter is that the majority of spyware comes with other programs, like Kazaa.

      Say-again? I just took 5000 copies of CoolWebSearch off of one of my users' Windows XP laptops. He was even *TRYING* to be responsible and guard against spyware/viruses -- which is more than what most users do.

      Go do some systems administration and/or help-desk work and then see if you still agree with yourself.

    14. Re:whisky tango foxtrot by AmberBlackCat · · Score: 1

      I think forcing Windows users to switch to another operating system would hinder their production and enjoyment more than the spyware. And I doubt it would increase their security.

    15. Re:whisky tango foxtrot by spectre_240sx · · Score: 1

      Don't forget the services area which, unless you're somewhat experienced with computers, you A) don't know exists or B) don't want to mess with. On top of that there are the many ways which programs can reinstall itself and recreate those entries in the registry, etc.

      Honestly, you sound a lot like the type that comes into the store I work at claiming that they've worked with computers for years and they know everything about them. Yes, I would agree that stupid users such as yourself are a large part of the problem.

    16. Re:whisky tango foxtrot by Anonymous Coward · · Score: 0

      Choke on a dorito you fat linux fuck

    17. Re:whisky tango foxtrot by Anonymous Coward · · Score: 0

      Spam won't stop until we start executing spammers on primetime TV.

      AND, it wouldn't hurt to have the advertisers right there next to them.

    18. Re:whisky tango foxtrot by SlimFastForYou · · Score: 1

      I don't know about you, but I'd take cleaning a Linux machine over cleaning a Windows machine any day.

      Under normal circumstances with Linux, the only place a user may modify is ~. A user cannot install software for the system nor stick files anywhere on the computer. There isn't much you would have to look at to find the culprit.

      With Windows, under normal circumstances, the entire family has Administrator (or almost) privileges. This is because many things just don't work without the user having high privileges (such as games). Not to mention the de facto web browser that is tightly intertwined with the system's files. Last but not least, we can't forget the magical place called the Windows Registry. I have spent countless hours looking and looking and looking through that humongous haystack trying to find the hidden needle haranguing the machine.

      At the risk of being labeled unpatriotic pro-spyware scum, I don't see this article as good news. I really don't think Congress is competent enough to come up with an effective solution. Rather, I think that any legislation on this will be like one of Microsoft's patches. In other words, I think we will see them close one loophole and open two others.

      I think the solution to this would be if people saw this as Microsoft's fault. Their OS seems to be the only one targeted. People need to demand better and hopefully make good on their threats if Microsoft doesn't find a way to put an end to this. Unix was around much earlier than Windows. Hell, the Microsoft corporation even used to work with Unix back in the day. Microsoft chose to deviate from what was tried and true. Hopefully, Congress won't goof. Hopefully, people will see Mac computers and Linux distros as viable choices if Microsoft doesn't find a way to finally end this nonsense.

    19. Re:whisky tango foxtrot by SlimFastForYou · · Score: 1

      I forgot to mention that I worked part-time as a computer tech until late last year. Though I didn't manage to infect my own computer much, I finally got tired of many of the things about Windows, decided to forgo most of my games, and switched to Linux about a year ago. Been happy and productive since.

    20. Re:whisky tango foxtrot by Anonymous Coward · · Score: 0

      wiTH a firey hellpit beast you whore!#^%#$%^*!@#allwillsuffer the wrath of lord deathray vader 1313!

    21. Re:whisky tango foxtrot by DeadScreenSky · · Score: 1

      AFAIK the Democrat-education correlation is stronger than the Republican-economic correlation. And I should point out that it was KARL ROVE there pointing that out.

      --
      There is no excellent beauty that hath not some strangeness in the proportion. -- Francis Bacon
    22. Re:whisky tango foxtrot by Dolda2000 · · Score: 1
      I don't know about you, but I'd take cleaning a Linux machine over cleaning a Windows machine any day.
      Naturally -- I don't mean to argue about that. I, too, am a GNU/Linux user, and have been so exclusively for more than two years now, and there are too many reasons to list that I don't touch Windows even with a pair of pliers.

      However, my point was that both systems may some day have a need to be cleaned, regardless of which one is easier to clean. My point was that it is not for any technical merits in either OS that Windows is being targeted, but rather because of the proprietary culture that surrounds Windows.

      That's also why GNU/Linux has a chance of escaping spyware -- since the culture surrounding GNU/Linux is that of the free software community, there is a far lesser risk of those proprietary tendencies to reach the culture.

      However, Linux has no technical merits -- and should not have -- to technically evade spyware. Like I said, there should be no such scheme either, because at some point, that would consist of restricting the user from doing stuff, and that may more than well include something the user will actually want to do.

    23. Re:whisky tango foxtrot by Flamsmark · · Score: 1

      that's what you think your military is for.

      --
      copyright © 2005 Flamsmsmark the ravings of a melancholly i
    24. Re:whisky tango foxtrot by CrimsonAvenger · · Score: 1
      AFAIK the Democrat-education correlation is stronger than the Republican-economic correlation.

      well, no. From the CNN exit polls:

      Vote for Bush by Income:
      Under $15K - 36%
      $15K-$30K - 42%
      $30K-$50K - 49%
      $50K-$75K - 56%
      $75K-$100K - 55%
      $100K-$150K - 57%
      $150K-$200K - 58%
      Over $200K- 63%

      Vote for Bush by education:
      No High School - 49%
      High School Diploma - 52%
      Some College - 54%
      College Graduate - 52%
      Postgrad Study - 44%

      Note that Kerry wins at both ends of the Education spectrum - both postgrads and highschool dropouts favoured him (though it was a statistical deadheat at the low end, really).

      On the other hand, Bush seems to be clearly less popular among lower-income brackets.

      And I should point out that it was KARL ROVE there pointing that out.

      Sounds like he was joking to me....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    25. Re:whisky tango foxtrot by Tassach · · Score: 1
      If you stop buying penis enlargement pills, etc. Spam would stop.
      Not necessarily. This assumes that the spammers are making money selling some dubious product. Certainly, some are. However, a lot of spammers are making their money by selling their spamming service to other unscrupulous individuals & companies.

      If I'm a spammer and I'm charging $5000 up front to send 50 million emails hawking penis pills on behalf of some other sleazeball, I'm getting paid regardless of whether or not he sells a single pill. Of course, if I'm really (smart|sleazy) I'll demand up-front payment AND a percentage of the gross sales :-) That way if he does actually make any money, I get paid twice.

      --
      Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
  2. It's like porn.... by Anonymous Coward · · Score: 4, Insightful

    Spam and Spyware are like Porn - Hard to define, but you know it when you see it.

    1. Re:It's like porn.... by Rosco+P.+Coltrane · · Score: 2, Funny

      Spam and Spyware are like Porn - Hard to define, but you know it when you see it.

      I didn't realize those dirty jpegs and avis reported keystrokes to Natalie Portman...

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:It's like porn.... by m50d · · Score: 2, Informative

      Porn has a very clear definition - material where the primary purpose is erotic i.e. arousing the viewer.

      --
      I am trolling
    3. Re:It's like porn.... by Anonymous Coward · · Score: 0

      Spam is extremely easy to define. The reason that it is hard to filter is that, given a single message, it's impossible to retrieve the information necessary to make the determination - whether the user has given consent, whether it was a double opt-in list, whether there is a prior relationship, things like that.

    4. Re:It's like porn.... by KinkifyTheNation · · Score: 1
      it's impossible to retrieve the information necessary to make the determination - whether the user has given consent, whether it was a double opt-in list, whether there is a prior relationship, things like that
      Which is exactly why it's hard to legally define.
    5. Re:It's like porn.... by jimmyCarter · · Score: 2, Informative

      Porn has a very clear definition - material where the primary purpose is erotic i.e. arousing the viewer.

      The parent was actually a reference to Supreme Court Justice Potter Stewart's quote from the obscenity case of Jacobellis v. Ohio.

      --

      -- jimmycarter
    6. Re:It's like porn.... by kureido · · Score: 1

      Credit where credit's due:

      "I shall not today attempt further to define the kinds of material I understand to be embraced within that shorthand description [of pornography]; and perhaps I could never succeed in intelligibly doing so. But I know it when I see it..."

      Hon. Potter Stewart, Associate Justice of the U.S. Supreme Court, JACOBELLIS v. OHIO, 378 U.S. 184 (1964)

    7. Re:It's like porn.... by Anonymous Coward · · Score: 0

      Oh watch it, there's guys getting aroused for the weirdest things. Rubber boots, excrements, high heeled shoes, haircuts.

      There's a lot of porn sites on the internet.

    8. Re:It's like porn.... by Anonymous Coward · · Score: 0

      WTF are you on about? "Double opt-in" is easily defined. "Prior relationship" is easily defined. "Consent" is easily defined.

    9. Re:It's like porn.... by Toby_Tyke · · Score: 2, Insightful

      Porn has a very clear definition - material where the primary purpose is erotic i.e. arousing the viewer.

      "You mean like every single commercial I've ever seen?" - Bill Hicks

      I have a copy of Micro Mart next to my keyboard, featuring an ad for Arctic Silver thermal paste. The ad features a picture of a woman in skimpy bikini. I don't think she has an awful lot to do with the paste, and I am forced to conclude that the picture was included simply to try and arouse the viewer, thereby encouraging him to look at the ad. Does that mean the ad is pornographic?

      --
      "I realise this is not a very popular opinion but it's the truth, and there for needs to be said" -Bill Hicks
    10. Re:It's like porn.... by Anonymous Coward · · Score: 0

      Then why are there so many disagreements in the House? If it's so easy for you to define, why aren't you in Congress?

    11. Re:It's like porn.... by m50d · · Score: 1

      Yep. But all that matters is the intent when it's produced. A school play video that a paedophile gets off on is not porn. One of those victorian magazines with less nudity than a typical hour of TV but was intended as erotic is porn.

      --
      I am trolling
    12. Re:It's like porn.... by m50d · · Score: 1

      The purpose of the ad as a whole is probably to convince you of the merit of the product by making you think (consciously or not) you'll get women by using it, rather than to arouse you and thereby make you buy it, in which case it's not porn. But nudity is not necessary to make something porn, and a show that simply had women in skimpy bikinis for the sake of arousal would be pornographic.

      --
      I am trolling
    13. Re:It's like porn.... by jZnat · · Score: 1

      It's not the jpegs and avis to worry about, it's those damn wmvs.

      --
      'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
    14. Re:It's like porn.... by Anonymous Coward · · Score: 0

      Then why are there so many disagreements in the House?

      Because a) they aren't domain experts and b) they can't distinguish between domain experts and people with vested interests in making sure their spam is on the right side of the law.

      If it's so easy for you to define, why aren't you in Congress?

      I'm not a USA citizen.

    15. Re:It's like porn.... by Anonymous Coward · · Score: 0
      heh heh heh

      ...strokes...

    16. Re:It's like porn.... by slavemowgli · · Score: 1

      "Pornography (from Greek pornographia -- literally writing about or drawings of harlots) is the representation of the human body or human sexual behaviour with the goal of sexual arousal, similar to, but (according to some) distinct from, erotica." (from http://en.wikipedia.org/wiki/Pornography).

      That being said, I think there is a saying that goes something like this: "erotica is what me and my friends like; porn is what people I don't know/care about like; and smut is what people my enemies like." It's got some truth in it: more often than not, the distinction between what people call "porn" and what they call "erotica" seems to be based more on their own opinion, preferences and agenda than on hard facts pertaining to the actual piece in question.

      --
      quidquid latine dictum sit altum videtur.
  3. too restrictive??? by xlyz · · Score: 3, Insightful


    what is happening on my pc isn't business of anybody else. period.

    1. Re:too restrictive??? by Big+Mark · · Score: 1

      If it's too restrictive legitimate uses of phone-home software could be rendered illegal. I don't think anyone wants commercial software checking the validity of its licence key over the internet to be outlawed, for example.

    2. Re:too restrictive??? by Anonymous Coward · · Score: 0

      When it impacts interstate commerce it falls under the purview of Congress. Do you hate the Constitution or something?

    3. Re:too restrictive??? by creysoft · · Score: 1

      That's not what was meant. Most spyware comes with some sort of an EULA (or is covered by another EULA) in which you give your consent for their monitoring activities. It's all perfectly legal right now. Basically what Congress has to do is make a category of things which you CANNOT legally give consent to. In other words, EULAs which force you to accept spyware would become invalid, since you can't agree to accept spyware.

      The problem comes in when they try to define "spyware." Since they're outlawing a class of currently legal applications, they have to describe it at the technical level. Some applications regularly report various information about your computer to their parent companies for perfectly benign purposes. Imagine for example a weather monitor that extracts your zip code from your address book to show you the local weather. I, personally, would never run such a program, but there are many people too fucking lazy to type their zip code, so it could be a useful feature. Depending on how they word this bill, such program may be illegal.

      When it comes right down to it, the problem is that one person's spyware is another person's "cool free program." Consider Bonzi Buddy. A malicious piece of spyware, no doubt. But it did have many cool features, not the least of which was a 3D talking monkey. I mean, come on! How cool is that?! And then there was the useful stuff like web search assistance, encyclopedia links (I think), and a bunch of other crap. I'm sure a lot of people thought it was neat, and used it.

      Personally, I don't think Congress should be making an anti-spyware bill. It's stupid, and a waste of time and money. What they SHOULD be doing is coming up with a bill that forces companies to be more straightforward with their EULAs. Certain things should have to be hilited, and restated in non-legal terminology. Of course, such a bill would be difficult for most people to comprehend, and wouldn't have nearly the same pathetic posturing value.

      Oh well...

      --
      Formerly GNU/Anonymous Coward. This message has been determined to cause cancer in laboratory animals.
    4. Re:too restrictive??? by anthony_dipierro · · Score: 1

      Basically what Congress has to do is make a category of things which you CANNOT legally give consent to.

      No, that's something Congress absolutely SHOULD NOT do.

      The problem comes in when they try to define "spyware."

      No, the problem came in when Congress tries to protect people from themselves.

    5. Re:too restrictive??? by SCHecklerX · · Score: 1

      Why not? What is the need for that to occur? If a software vendor doesn't trust that I actually bought their product and feels they need to pull that crap, then I will happily find an alternative.

    6. Re:too restrictive??? by ciscoguy01 · · Score: 1

      Personally, I don't think Congress should be making an anti-spyware bill. It's stupid, and a waste of time and money. What they SHOULD be doing is coming up with a bill that forces companies to be more straightforward with their EULAs. Certain things should have to be hilited, and restated in non-legal terminology.

      What congress should be doing is setting statutory civil penalties, like $5000 or actual damages whichever is more, for distributing software that deliberately or even negligently damages your computer. So you can sue them for your damages.

      Damages are trebled if there is deception involved, like a multi page EULA such as used by Gator (Claria) & 180Solutions and described at http://www.benedelman.org/spyware/installations/3d-screensaver/

      In the recent news 180solutions is complaining about CA and their PestPatrol product which removed the 180solutions spyware product, and Gator threatens to sue CA over removal of their spyware.
      See http://www.nwfusion.com/news/2005/040405-spyware.html
      The above article is well worth a read.

      --
      .
    7. Re:too restrictive??? by Flamsmark · · Score: 1

      no, i definitely don't want any of my commercial software checking the validity of its licence key over the internet. and if it tries to do that without telling me that it will, all the more so. hence the need for outgoing-restrictive firewalls.

      --
      copyright © 2005 Flamsmsmark the ravings of a melancholly i
  4. Legitimate companies? by Anonymous Coward · · Score: 0
    "... too restrictive for legitimate companies"


    From the article:
    "Spyware is a catchall term used to describe programs that stealthily install themselves on computers."


    What legitimate use has software that doesn't inform about it presence -- let alone hides it?
    1. Re:Legitimate companies? by TekGoNos · · Score: 4, Insightful
      "Spyware is a catchall term used to describe programs that stealthily install themselves on computers."
      What legitimate use has software that doesn't inform about it presence -- let alone hides it?

      Well, video codex come to my mind, they are stealthily downloaded and installed by the media player.

      And most spyware doesn't install so stealthily, at one point the user has to click yes on a dialog (a very obscure dialog it is). So a lawyer could always argue that the installation wasn't stealthy and that the product therefore isn't spyware.

      --
      I have discovered a truly remarkable proof for my post which this sig is too small to contain.
    2. Re:Legitimate companies? by 0x461FAB0BD7D2 · · Score: 1

      Trackers and monitors installed by schools and companies, as well as by concerned parents.

      Also, the vast number of IE-themed Firefoxes installed by geeks fed up of cleaning out adware and spyware.

    3. Re:Legitimate companies? by Anonymous Coward · · Score: 1, Informative

      "Well, video codex come to my mind, they are stealthily downloaded and installed by the media player"

      uhm not by Windows Media player, it will ask permission to install any codecs it wants via a signed by MS ActiveX dialog

    4. Re:Legitimate companies? by Anonymous Coward · · Score: 0
      it will ask permission to install any codecs it wants via a signed by MS ActiveX dialog

      Just like Gator eWallet, IBIS and every other piece of spyware out there.

    5. Re:Legitimate companies? by Anonymous Coward · · Score: 0
      Just like Gator eWallet, IBIS and every other piece of spyware out there.

      Um, yeah. Keep telling yourself that. Does it make you feel superior to delude yourself like that? Mmmm, smug superiority.

  5. Re:Will this change things much? by bird603568 · · Score: 0

    But wouldn't that be like getting steroids from mexico? It's still illegal.

  6. What we need is by Primotech · · Score: 0, Insightful

    a government agency that understands technology, staffed by former professionals in the various fields. Decisions like this shouldn't be left up to those who have no idea what they're talking about.

  7. Re:My first if it is... by JawzX · · Score: 0, Offtopic

    heh, just never done it before. figured I'd try out the troll-thing for fit. I could use a little negative karma anyway, I'm starting to get a swollen head.

  8. Wow! by janek78 · · Score: 5, Insightful

    From TFA: The average "infected" computer had more than 90 spyware and adware programs.

    I doubt I have that many legitimate programs installed in my computer and I don't think these guys have either. The thought that their computers contain more spyware than software is scary.

    I don't believe that a law can change this though. It might decrease the number of US based spyware companies, but I doubt the effect will be noticeable.

    More secure browsers and user education seem like a better solution.

    1. Re:Wow! by Anonymous Coward · · Score: 0

      Anti-spyware programs will find maybe 90 files that are part of "spyware", but that does not mean you have 90 separate programs.

    2. Re:Wow! by -kertrats- · · Score: 1

      I think they meant 'files', rather than 'programs'. Just a guess, but it seems far more reasonable that way.

      --
      The Braying and Neighing of Barnyard Animals Follows.
    3. Re:Wow! by Denyer · · Score: 1

      Haven't read the article, but previous counts of spyware on user machines tended to include cookies. Hopefully the proposed bill won't make the same mistake.

      --
      Ph-nglui mglw'nafh Gates M'dna wgah'nagl fhtagn.
    4. Re:Wow! by NeoSkandranon · · Score: 1

      It could be that a few outliers caused the average to rise. Most computers might have fewer than 90, but a few dozen porn addicts and/or bonzi buddy lovers could have thousands of spyware bits each.

      --
      If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
    5. Re:Wow! by Skuld-Chan · · Score: 1

      I clean up my little brother's windows machine with that ms-anti-spyware tool and it had over 90 spyware apps on it.

      So I can believe it :)

  9. Re:Will this change things much? by Nichotin · · Score: 1

    In theory they could just do as they did with Sharman Networks.

  10. "Another CAN-SPAM" by Council · · Score: 1

    Which way did CAN-SPAM go?

    --
    xkcd.com - a webcomic of mathematics, love, and language.
    1. Re:"Another CAN-SPAM" by compm375 · · Score: 2, Funny

      It's working perfectly. It says that people can spam, right? I thought that was pretty obvious though that people are able to spam.

    2. Re:"Another CAN-SPAM" by Anonymous Coward · · Score: 0

      Do you still get spam?

    3. Re:"Another CAN-SPAM" by Tassach · · Score: 1
      It's working perfectly. It says that people can spam, right?
      I can't say that I've ever seen a "legal" spam -- that is to say one which actually adheres to the restrictions of the CAN-SPAM act:
      • False or forged headers are forbidden
      • Deceptive subject lines are forbidden
      • Must have a working opt-out mechanism
      • Must identify itself as an advertisement
      • Must have sender's postal (snail-mail) address
      --
      Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
  11. pointless by slackadmin · · Score: 3, Insightful

    Last time I checked fruad was illegal too, but guess what...

    --
    Life is pleasant. Death is peaceful. It's the transition that's troublesome. - Isaac Asimov
    1. Re:pointless by slackadmin · · Score: 1

      yes, yes...after extensive research...it is fraud...and anonymous cowards are still dicks.

      --
      Life is pleasant. Death is peaceful. It's the transition that's troublesome. - Isaac Asimov
    2. Re:pointless by jimmyCarter · · Score: 2, Insightful

      I think that's a silly argument. Rapes still happen, but should we do away with the laws that make rape illegal?

      --

      -- jimmycarter
    3. Re:pointless by slackadmin · · Score: 1

      also a bit silly to compare violent sex crimes to fraud.

      --
      Life is pleasant. Death is peaceful. It's the transition that's troublesome. - Isaac Asimov
  12. Congress wants to be helpful? by Anonymous Coward · · Score: 1, Insightful

    That's about as sensible as a law so that a pet mouse won't chip your furniture.

    Tell me, how could spyware even *work* if we had OSes that wouldn't allow programs to connect to the net *unless* we authorize them?

    Just put the pet mouse in a cage, no law needed.

    1. Re:Congress wants to be helpful? by jacksonj04 · · Score: 1

      The trouble is, the people who install Spyware will *still* allow the application to access the net, because they will just click "OK" or "Yes" to get their UberCoolDownloadHelperSearchNavigatorBar to work.

      --
      How many people can read hex if only you and dead people can read hex?
    2. Re:Congress wants to be helpful? by neumayr · · Score: 1

      As far as I can tell you can get people to authorize almost anything. Have them click "accept" to a very long license agreement for a handy tool, or, failing that, offer some slim chance for them to get "free stuff"[tm].

      Nowadays people give away their personal information for free stuff without stopping to think whom they're trusting with that information. It's not too big a step to throw in some bandwidth and cpu time too.

      --
      Truth arises more readily from error than from confusion. -Francis Bacon
  13. Would this be... by Radar|TGS · · Score: 4, Funny

    the CAN-SPY act?

    1. Re:Would this be... by me+at+werk · · Score: 1

      To the FBI/CIA: a resounding yes.

      --
      For context, click Parent.
    2. Re:Would this be... by ozbird · · Score: 1

      More like the AYE-SPY act.

  14. Computers appliances by magarity · · Score: 4, Insightful

    This article is just begging for a slightly condescending comment about how computers are not yet plug-n-go appliances that the public should be allowed to own without training and/or licensing. But where to point the blame... consumers, most of whom don't know how to change their car's oil or other equivalent activities to computer preventive maintenance? Microsoft (the Slashdot favorite whipping boy) for making it easy to use a computer without knowing anything more than 'click the E for internet'? Dell, for making computers as cheap as appliances? Lawmakers, who think they can wave a legislative wand and make internet miscreants (spammers, bot networkers, spyware writers) behave?

  15. Don't they use dictionaries? by showardkid · · Score: 1
    I got a good definition here, and here. Of course, we can define it MY way:

    Spyware, N.: Spyware may be Slowing t3h yu0r PC down!!!1 Downl0ad t3h 0u|2 5py-5w33p3r t0d4Y!

    --
    Do, do not, or delegate to someone else: there is no try.
  16. proper definition... by John+Seminal · · Score: 3, Insightful
    there are disagreements on how to define the term "spyware". A wrong decision could end up in two opposite directions: Either a law too restrictive for legitimate companies, or a "safe harbor" for some malicious spyware distributors

    Congress should define spyware as any code that runs on your machine that you did not agree to instal (So if I instal FreeGamePack, I expect to get FreeGamePack and not HiddenBackdoorTorjan. I agreed to instal one but not the other). I remember installing debian once, and it had a list of over 1000 packages, each with a description. I would like to see Windows do that, give me choice. Do you want the Internet Explorer pack? Do you want the Netscape pack? Do you want the Mozilla pack?

    The second part of the definition is the software is not allowed to communicate to any other machines unless the owner of his machine allows it. That would kill RealPlayer and their crappy hidden settings.

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

    1. Re:proper definition... by Fnkmaster · · Score: 3, Insightful

      The problem though is defining a concept like consent without placing overreaching restrictions on software developer's freedoms. I mean, the majority of spyware currently obtains your consent in some way to install itself - buried in term number 11, section 3b of the click-through EULA, it is disclosed that you hereby give consent for Claria to install Gator, for example. Of course, they know nobody has enough hours in the day to read EVERY EULA put in front of them, so of course no real consent is ever formed.

      Any third party product that is not functionally necessary for the application a user believes they are installing should be legally required to be a separable item in the installation process that you must opt-in, not opt-out, from. Sure, such a definition can be worked around by a malicious organization by making the spyware linked in like any old software library and claim it is functionally necessary for the advertised features of the software, but since such a connection would constitute an obvious attempt at circumvention, it should be easily thrown out by a judge at his or her discretion. Ultimately, any of these laws will require some of that kind of subjective precedence-setting to establish an enforcement regime.

      I would also like to see any modification of already-installed software on your computer require separate, explicit permission-gathering steps from the user (i.e. fucking with DNS a la new.net, or installing components into your browser toolbar). Any modifications those components make to content or user experience should be explicitly and clearly disclosed in that step, as well as any information gathered by said components for transmission back to the author or other third party.

    2. Re:proper definition... by Dachannien · · Score: 1

      The first part of your definition is a great start at stamping out the most insidious instances of spyware. Legitimate web designers aren't foisting this crap on their users, so it's easy to stay in compliance.

      The second part, while desirable for many of us, would probably be an undue burden on software publishers, creating a legal hoop that any developer (even some individual IANAL guy in the OSS movement) would have to make sure they jump through when distributing their software. There could be tons of inadvertent noncompliance even among legitimate software developers.

      OTOH, forbidding the transmission of *personally-identifiable information* without express consent of the user is a good idea. Anyone collecting such information *should* already have a privacy policy in place, meaning they already most likely have some sort of legal consult available. In other words, it doesn't overburden Joe Hobbyist or put him at risk of accidental noncompliance.

    3. Re:proper definition... by John+Seminal · · Score: 2, Informative
      Any third party product that is not functionally necessary for the application a user believes they are installing should be legally required to be a separable item in the installation process that you must opt-in, not opt-out, from.

      I like this! And while we are at it, have every piece of software have some easy way of uninstalling it and every component. Most of the worst spyware is hidden, and difficult to remove. I had a friend with a registry setting to reset his browser to go to www.imakemoney.com or something like that. You find the program, delete it, but forget there is a setting in the registry which brings it back.

      A friend installed AOL on their computer. While AOL was installing, so did Real Player. I thought WTF is this, where did it come from. So I uninstalled it. The next time I went to his house, there it was again, Real Player. So I uninstalled it again, and watched as he logged back in. As soon as he was done, and disconnected from AOL, he got "Please wait... we are installing an important upgrade".

      --

      Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

    4. Re:proper definition... by Zordak · · Score: 1
      This really isn't such a dramatic proposition. In some cases, certain types of provisions in a contract are not enforceable unless they are separately agreed to by the non-drafting party (i.e., if it's buried in the small print somewhere on p.7 of the form contract, it doesn't count -- there has to be a separate signature right next to the provision in question). If the law simply stated that the user had to give separate consent for a program to be legally installed, then each piece of spyware would have to ask you separately (like in a separate install dialog) if it's okay to install. You may run into the problem of defining a "program" as opposed to a "plugin" or something (you don't want to have to agree to every one of the millions of DLLs that get installed on windows), but I don't think it's that problematic. If it's an ".exe," it definitely needs to have separate permission. If it's a "plugin," it must be fully dependent on some executable, and any plugin that wants to work with an executable that's already installed has to get separate permission. So, the spyware makers could make a single executable called the Spyware Canopy or something, and make all of their stuff plugins to that, but you'd still have to agree separately to the install of Spyware Canopy, and even if you did, all you would have to do is delete the single file spcanopy.exe and it would break all of the spyware.

      Of course, they would try to make spcanopy.exe a self-reinstalling program, but just make that illegal under the law too (this also takes care of stuff like Internet Explorer and Outlook Express that cannot be killed without migrating to Linux). Any program that will change system settings should have to explicitly say that's what it's doing. Any program that wants to load itself into memory on startup must display an icon in the tray, and it must have a simple checkbox on the popup menu that tells it to go away and never load itself again unless it is explicitly told to.

      Of course, there are two major problems with this. First, even if a program popped up a dialog and said, "Hi, I'm malicious spyware, and I'm going to chew up all of your memory, collect private information, clear your bank account and format your hard drive. Okay to install?" most users would just click "Yes" and go on their merry ways because they just have to have that cute waterfall screensaver. Second, even if the law is theoretically good, it would be really tough to enforce.

      --

      Today's Sesame Street was brought to you by the number e.
    5. Re:proper definition... by timmyf2371 · · Score: 2, Interesting
      The problem though is defining a concept like consent without placing overreaching restrictions on software developer's freedoms. I mean, the majority of spyware currently obtains your consent in some way to install itself - buried in term number 11, section 3b of the click-through EULA, it is disclosed that you hereby give consent for Claria to install Gator, for example. Of course, they know nobody has enough hours in the day to read EVERY EULA put in front of them, so of course no real consent is ever formed.

      This is hardly an excuse.

      Let's imagine for a moment that EULAs are legally-enforceable contracts, which they are in Scotland.

      Would you say the same thing about any other legally-enforceable contract such as a credit agreement or an employment contract?

      When agreeing to a contract whether by signature or by electronic signature, you should always read all the terms of the contract you are agreeing to otherwise if/when things go "wrong" it is the person who agreed to the contract in the first instance who is at fault and no-one else.

      Now, the only way I could theoretically see the inclusion of spyware by EULA being ruled illegal would be by something similar to the UK's Unfair Contract Terms Act - I'm not sure whether there is something similar in the US however it could potentially be argued in a court that the inclusion of such applications would be an unfair contract term, however there are no such rules set in stone as to what is and what isn't an unfair term.

      --

      Backup not found: (A)bort (R)etry (P)anic
    6. Re:proper definition... by YrWrstNtmr · · Score: 1
      I remember installing debian once, and it had a list of over 1000 packages, each with a description.

      And did you read through, and understand, each and every one of those 1000 descriptions?

      Did you explicitly click 'Yes' on each one?

    7. Re:proper definition... by John+Seminal · · Score: 1
      I remember installing debian once, and it had a list of over 1000 packages, each with a description.

      And did you read through, and understand, each and every one of those 1000 descriptions?

      Yes. And it was fun. It was like looking for treasure. It is where I found PUMP. As for the packages I did not understand, I did not instal them.

      --

      Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

    8. Re:proper definition... by Anonymous Coward · · Score: 0

      And when you chose to install "PUMP", how would you know it wouldn't cause "HiddenBackdoorTorjan" to be installed? APT technology would certainly make it possible.

      Your argument isn't about the technology, it's about the fact that Debian is honest and Spyware companies aren't.

    9. Re:proper definition... by luminousvoid · · Score: 1

      "I remember installing debian once, and it had a list of over 1000 packages, each with a description." The problem with the definition is right here. Did you really agree to those 1000 packages? What if it was a 1000 page EULA, 1 page per package?

    10. Re:proper definition... by Anonymous Coward · · Score: 0

      Writing a definition is not hard: - they already have one for stalkers,peeping-toms, and perverts who drill holes through walls for snakey pictures.

      What is hard is getting prescribed damages per offence, as well as getting statutory mandated removal procedures to be provided and they must be effective and complete - no residual bitterness.

      There is no way to distinguish between friends and villains, when furtive practices are at play.

      A Program that is created to steal personal information that is on your computer, do things behind your back, and/or make unauthorised changes to storage, or make furtive communications.

  17. Why TF? by Sebilrazen · · Score: 2, Funny
    Don't the powers that be require that any installable must first seek permission to do so?

    "I'm about to install porn_dialer_v1.69.exe, Click OK to continue"

    --
    "There are no facts, only interpretations." --Friedrich Nietzsche.
    1. Re:Why TF? by johannesg · · Score: 2, Insightful
      You know it won't look like this. It will be more like

      "You are about to install MSCFGT38.EXE. Installation of this program will improve your browsing experience, and is required to access this website."

      The fact that it is some sort of auto-dialer that connects to a foreign country at a rate of $65/min won't really get mentioned.

      Personally I blame Microsoft. They have been trying to hide what the computer is doing for years, undoubtedly out of some misguided notion that when you don't name the problems that you have they will somehow be less severe, even though all it does is frustrate support people.

  18. hopefully by Aenox · · Score: 0

    Hopefully this will result in a few huge sentences with spyware authors jailed for 10-14 years. Like spam it's obviously much worse than any other crime.

    1. Re:hopefully by Aenox · · Score: 0

      ... that would get the message out.

  19. Re:My first if it is... by Anonymous Coward · · Score: 0

    You are goddamn awful at getting negative karma. How did you maintain a score of 1 with this bad boy?

    Must be the low UID.

    http://slashdot.org/comments.pl?sid=143376&cid=12016501

  20. Re:Will this change things much? by Jeff+DeMaagd · · Score: 1

    To be totally untouchable, they would have to offshore all their advertisers too, I think. And also offshore the owners and operators.

  21. It seems to me... by wingsofchai · · Score: 3, Insightful

    That trying to eliminate spyware is something like the attempt to eliminate P2P...pretty much pointless and ineffective. It's really a user issue...people just have to be smart about what they install, it's really not hard to avoid the really bad spyware...

    --
    Reading at high threshold levels is group-think.
    1. Re:It seems to me... by Stevyn · · Score: 1

      You're exactly right. As long as users keep clicking through EULAs and agreeing to those terms, this will stay legal in practice.

  22. Re:Will this change things much? by Anonymous Coward · · Score: 0

    I can't think of any examples, but I know that one Russian cracker was arrested and charged by the American judicial system, even though everything he did was in (and legal in) Russia. Someone can most likely give better examples and details than I.

  23. The final solution by archevis · · Score: 5, Funny

    Could somebody please patent spyware/adware and start suing...?

    1. Re:The final solution by Anonymous Coward · · Score: 0

      Unfortunately no, by this point there's way more than enough "prior art"

  24. It's Congress, they can solve any problem by John+Seminal · · Score: 2, Interesting
    And they plan to enforce this... how?

    Maybe they will start by making all spyware illegal. Then they will notice most of it will come from servers outside the USA. So the next step might be to make software inside the USA incompatible with software outside the USA. Maybe a region lock on all computers, so it can only play software from your country code.

    If you want to get a machine which plays region 2 software, do so at your own risk. But I will be safe with my Congress approved region 1 computer. ;) Maybe Congress will even force computers to have a chip on the motherboard, like the Play Station. 90% of people with a play station didn't modify their machine at the hardware level. It is too much work. Congress can make it more difficult to do any activity, and they can increase the penalty. At some point the risk gets too high and the reward is not high enough.

    Seriously, there is an easy way to enforce this law. It is with treaties. The USA can force smaller countries to agree not to import into the USA software with spyware. I dunno about the rest of you, but I would HATE to get caught doing ANYTHING wrong in Hong Kong or some country where they will whip me. Remember, the FBI did find that kid in the Philippines who wrote the virus a few years ago. He used a public computer to release it, but they tracked him somehow. And now he is in a third world prison.

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

    1. Re:It's Congress, they can solve any problem by CSMastermind · · Score: 1

      It's not always that simple. Sometimes the US will overlook certain crimes in other countries because we want good relations with them. I'm not so sure about "Congress approved" computers. Sounds too much like big brother to me. But I do see your point and in general you're correct: the problem here is what is defined as 'spyware'.

    2. Re:It's Congress, they can solve any problem by Pofy · · Score: 1

      >Maybe they will start by making all spyware
      >illegal.

      Then they figure out it needs better "protection" so they set up a multi step process to reach the goal.

      * First, make anyone who helps making spyware or help install spyware being illegal as well.

      * Then make any person who manufacture, import, offer to the public, provide, or otherwise traffic in spyware committing an illegal act.

      * Then they make all those programs that bundle spyware illegal. Anyone involved in making, producing, programming, marketing or otherwise involved in the making of a program that in any way installs, or through other means places spyware on a computer should be liable.

      * Raise the penalties, each instance of spyware placed on a system illegally should be fined up to a possible $500.000 or 2 years in prison. This includes all those that are liable through other laws previously or later proposed. After all, the spyware is stealing my computer from me!!

      * Now there needs to be protection for any technological measure that effectively controls the access to the computer to prevent the installation of spyware. Any circumvention (intentionally or not, regardless of an approving "click" that states otherwise) of such is illegal. By the way, a simple file somewhere on the hard disc of a computer that says "no spyware" is definitely a working technological access protection for spyware.

      * Next is then making anyone who in any way help, aid, induce, abets, procures in spyware or their functioning committing illegal acts.

      * Now follows that it will be illegal for anyone to make, manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof that is in anyway connected to spyware.

      * Finally, even thinking about spyware will be illegal!

    3. Re:It's Congress, they can solve any problem by Flamsmark · · Score: 1

      '* Finally, even thinking about spyware will be illegal!' then just modify language so that nobody can adequately express what it is. newspeak will eliminate transgressors. 1984.

      --
      copyright © 2005 Flamsmsmark the ravings of a melancholly i
  25. If you do bussiness in the US by Sycraft-fu · · Score: 4, Insightful

    You are subject to US law. Now at some point, these people probably have a US stopping point. Maybe the authors are entirely foreign, but the ad companies that pay them to make it probably aren't. What good does an ad do if it's for something you can't buy in that country? I'm betting somewhere along the chain, there are people in the US that can be held responsible. In most cases, I'm betting the companies are US based.

    It's also possible the US could seek extradition over this. You can't run to a foreign country and hide, if those countries have extradition treaties. I'm not sure they'd bother for something like this, and the other nations might refuse to extradite if it wasn't against their own laws, but it's also a possibility.

    1. Re:If you do bussiness in the US by houghi · · Score: 1

      What good does an ad do if it's for something you can't buy in that country?

      It does not cost them anything to install it on computers in countries where people do not even speak English. Or do you think they do not install that kind of software on Japanese or Belgian PC's?

      --
      Don't fight for your country, if your country does not fight for you.
  26. Re:Will this change things much? by Anonymous Coward · · Score: 0

    You mean other than blacklisting Australia's netblock?

  27. yahoo & msn messenger by Anonymous Coward · · Score: 0

    these things are like spyware. in fact they are. yahoo messenger is not that bad as you can uninstall it. msn messenger is bad because you can install it. both of them programs will install unwanted hidden things like search bars tool bars try to change your home page, and will force ads onto you. i suggest we ban them from our computers and just use gaim instead! fucking companies

    1. Re:yahoo & msn messenger by Armadni+General · · Score: 0

      You do realize that without Yahoo and MSN messengers, there is no network on which Gaim may run?

      Think before you open your fat mouth.

    2. Re:yahoo & msn messenger by Shin+Chan · · Score: 0

      Not to mention that the toolbar and what not more are OPTIONAL. Or did you miss those checkboxes and license agreement while racing through the setup like any John Doe does nowadays?

      --
      Proud owner of BOT2K3 [ bot2k3.net ]
    3. Re:yahoo & msn messenger by toddestan · · Score: 1

      There is always Jabber.

    4. Re:yahoo & msn messenger by Anonymous Coward · · Score: 0

      well lets see?

      there's aim and icq (though you may consider those just as bad)

      then there's jabber and all sorts of other im protocols as well.

      i think gaim even supports irc (though that is NOT well suited for im use imo)

      most lusers use the highly commercialised im networks and so us techies are forced to use them too. That's the main reason so much effort is put into making multiprotocol clients work on such networks (which has been a real pain at some points in the past with arms race type tactics from the im networks)

  28. Re:Will this change things much? by rpbailey1642 · · Score: 1

    You're probably thinking about Dmitry Sklyarov, a Russian programmer who circumvented Adobe's eBook encryption scheme. He was arrested, from what I understand, not for cracking the code but for giving a talk about it in Las Vegas. I didn't really follow the case, but Slashdot had a bit about him a while ago: http://slashdot.org/article.pl?sid=01/07/17/130226

  29. Re:My first if it is... by JawzX · · Score: 1

    See What I mean?

  30. Definition is irrelevant by mikeswi · · Score: 1

    The most objectionable software doesn't fit ANY definition of spyware. Outlaw the behavior and let Webster worry about defining words.

  31. I can't see by Sv-Manowar · · Score: 1

    I can't see how this would work, the developers of the 'spyware' are already evolving their products to be classed as adware and stuff, they know the government is on to them and are getting out of the way

    It will be like closing one door but opening a window.

  32. Re:Will this change things much? by Anonymous Coward · · Score: 0

    I say anything that doesn't ask the user each and every time it sends data back to a company is tagged as a virus and the company is held liable for releasing a virus.

  33. George W. Bush on spyware by Anonymous Coward · · Score: 1, Funny

    Spy-wear is a piece of soft-wear that is spying on ya computer. This is illegal, except if it's done by the Department of Homeland Security. I'm gonna work with the congress to make sure that any illegal spy-wear making evildoes - who probably supports gay marriage as well - gets their time in the sun down at Gitmo.

  34. It raises a definite issue by Gary+Destruction · · Score: 1

    How exactly does one define spyware without alienating the enterprise environment? Some people might say that programs like Altiris Carbon Copy are spyware because they allow your machine to be remotely controlled without your knowledge. But at the same time, it's the company's right to use that software. The same is true for Altiris Agent. It transmits information about your machine without your knowledge. But the reason for this transmission is not malicious. It's for asset management and deployment. Congress needs to understand the difference between spyware and remote management tools.

    1. Re:It raises a definite issue by nzkbuk · · Score: 1

      Your example of Altiris Carbon Copy in the context you use it is a bad one.

      Your example implies the use of this software in an office, installed by the IT Dept (or whatever you want to call it). Office computers are supplied (like a phone) as a tool for you to work. You're not trying to say people should be able to do whatever they want (aka non work related things) with office equipment?

    2. Re:It raises a definite issue by imroy · · Score: 1

      In that case, one possible fix then could be to replace "user" with "owner" in the definition. That would cover both home and office/enterprise PC's. But it probably opens other loopholes. I guess the only solution would be to add a clause defining the case for office computers, but I'm no lawmaker...

    3. Re:It raises a definite issue by Anonymous Coward · · Score: 0

      a man of the people. how brave!

  35. You DONT get it!! by cybercomm · · Score: 1

    The fact of the matter is we're talking about spyware. Not adware. Which essentially means a company can be offshored, and STILL sell the "market research" data to US companies. And be a heck of a lot cheaper, too. That is what people should be aware of. Advertising by itself is only part of sales, (an integral part, but nonetheless just a part).

    Just my .02

    --
    Live for the present, learn from the past, and dream of the future!
  36. Re:Will this change things much? by rpozz · · Score: 1

    There is one possible way around that. That would be to find out the server that the spyware is sending to or retrieving adverts from, and simply block it at the ISP's firewall.

  37. I hope it's more like CAN'T-SPAM by Anonymous Coward · · Score: 0

    The one they have now just doesn't work.

  38. Re:Computers appliances by Tim+C · · Score: 1

    Lawmakers, who think they can wave a legislative wand and make internet miscreants (spammers, bot networkers, spyware writers) behave?

    To be fair, read the comments to any story here about malware, spam, etc and you'll see plenty of people clamouring for that sort of thing to be made illegal.

    Hell, there were people complaining recently that the guy who got 9 years for spamming got off lightly.

  39. Re:Computers appliances by m50d · · Score: 1

    Consumers and MS and AOL. The latter for claiming that using a computer and going on the internet is easy. Imagine Toyota saying they make driving easy, just get in a car and go. It doesn't matter if consumers can't maintain their PCs themselves, but they should realise it's something that requires regular maintenance, and hire people to do it if they can't. They wouldn't expect their cars to run forever with no services, but thanks to the way computers have been marketed, they believe that computers can.

    --
    I am trolling
  40. Re:Computers appliances by Anonymous Coward · · Score: 0

    Yes.

  41. Once More.. by jimmyCarter · · Score: 1

    We witness the great American tradition of the merging of corporate desires (lobbying) with the welfare of the people (constituent complaints).

    Ain't it perty!?

    --

    -- jimmycarter
  42. Re:Will this change things much? by Tim+C · · Score: 1

    So games that contact a master server to get a list of available servers for online play, or to check for updates, etc would be tagged as viruses.

  43. CAN-SPY bill? by Lead+Butthead · · Score: 3, Insightful

    There are too many special interests involved; what law(s) that get crafted will have loopholes the size of oil tankers just to satisfy the needs of the said special interests.

    Windows XP appears to track program usage (see add/remove program in control panel.) Do you honestly think that M$ keeps that information for entertainment purposes? I consider it without a doubt a market research tool, although I am also certain others would consider it a useful end-user tool. Does that count as spyware? You can be damn sure M$ will make sure the crafted law(s) exclude that as spyware.

    In short, "screwed, we are now."

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
    1. Re:CAN-SPY bill? by timmyf2371 · · Score: 1
      Of course it's a useful end-user tool. And in addition to this point, I have yet to see firewall logs and packets analysed to show that information is being sent back to Microsoft.

      If we're thinking of this function as being spyware, might I also suggest we consider the function of Redhat's Linux distro which stores information as to the last time and date a particular file was accessed as spyware?

      --

      Backup not found: (A)bort (R)etry (P)anic
    2. Re:CAN-SPY bill? by Anonymous Coward · · Score: 0

      The only "tracking" that is done by the Add/Remove Programs control panel, is tracking of the "last accessed" timestamp of each program's installation folder. That's how it decides how often the program is being used by you.

      Go ahead, try it.

    3. Re:CAN-SPY bill? by JonathanRichman · · Score: 1

      So what about a CAN(Bill)Spy bill?

  44. Bad Idea by Maxwell'sSilverLART · · Score: 3, Insightful

    Could this become another CAN-SPAM?

    CAN (sorry, couldn't resist) and will.

    Seriously, this is an outstanding example of why legislative control is at best worthless, and more likely actively harmful. There's an old legal saying that "good cases make bad law." That is, when we try to achieve a just result in a particular case, we end up with a law that may serve that end well, but ultimately creates more problems than it solves.

    This goes double when the law concerns technology. The tech world is noted for the rapidity with which it advances; the legal world is noted for its resistance to change and advancement. When the latter regulates the former, it will inevitably lead to a stifling of future development. Definitions and phraseology become hyper-critical. For example, let's look at "spyware." How do you define it? What would you call a program that quietly looks at everything you type, taking note of some words as being particularly interesting? I'd call it a spellchecker. How about a daemon that goes through your e-mail and reports back to an agent information about how many e-mails you get from a particular sender, what kind of things you talk about, etc.? I'd call it an adaptive mail filter (Bayesian or similar). How about a webmail service that looks at your e-mail, analyzes it, and uses that analysis to present advertisements relevant to you? I think the term for that is Gmail.

    Yes, these examples are contrived; I deliberately chose them to demonstrate a point. I'm trying to show that even the best-intentioned law can have dramatic effects down the line, effects that we can't even begin to predict. There's another truism in law that if the case goes to court, the lawyers have already failed. The principle holds true here as well: if the Legislature gets involved, there are no winners, only losers.

    --
    Moderate drunk! It's more fun that way!
    1. Re:Bad Idea by anthony_dipierro · · Score: 1

      For example, let's look at "spyware." How do you define it?

      Right, and if you could define it, then we wouldn't need any laws about it, because you could easily write software which automatically detects and destroys it.

      I really wish the government would just stay the hell out of regulating the internet. We'd have much more innovative software if software manufacturers didn't have to fear getting sued or going to jail just for writing a program. But then again, we'd have Napster, and DeCSS, and Advanced eBook Processor. And that'd hurt all the fat cats who got the members of Congress elected.

    2. Re:Bad Idea by Maxwell'sSilverLART · · Score: 1

      Gmail is a bad example. Thirty-one privacy and civil liberties organizations have urged Google to suspend it.

      That's why it's a perfect example. "Thirty-one privacy and civil liberties organizations" think it's an invasion of privacy, and would probably equate it (approximately) with spyware. Other people (and, presumably, organizations) don't have a problem with it. I certainly don't. So--what is it? Would you make Gmail illegal? Something tells me a significant number of Slashdotters wouldn't; who, then, makes the decision?

      --
      Moderate drunk! It's more fun that way!
    3. Re:Bad Idea by Magic+Thread · · Score: 1

      Your first two examples are totally harmless and useful things: no one would object to a spellchecker and few people would object to a spam filter, providing it worked. It seems like what you are saying is the wording has to be careful, or we ban things that are obviously OK.

      Meanwhile, the jury is still out on whether Gmail is wonderful and revolutionary, or a privacy invasion and another sad step towards the monetization of all human social contact. Gmail is questionable, but a lot of people consider it good. Whether or not it counts as "spyware," is another issue entirely.

    4. Re:Bad Idea by slavemowgli · · Score: 1

      Ultimately, I think the main difference between GMail and spyware is information, (informed) consent and control. Spyware is about a lack of these things: you don't know what it's doing, you would most likely not want to install it if you knew what it's doing, it takes care to cover its proverbial ass, sometimes even going so far as to disable blockers like Ad-Aware etc., and you do not actually consent to it being installed (because it's either being installed through browser holes etc., like other malware, or because the fact that it is being installed is hidden in section 517.24 (B) of an EULA long enough to fill a book). Furthermore, spyware usually just sends whatever data it's gathering back to the manufacturer, who is then (practically) free to use it in any way they want to.

      GMail is just the opposite. You do explicitly opt in, so consent is given (or did you ever catch a GMail account by accident, like you catch spyware? ^_~); the terms of service are pretty clear, and it's made clear that your emails are automatically parsed to display advertising deemed relevant to their content (so it's informed consent, too - they don't try to deliberately obscure what's being done); and the data gathered from the automatic parsing is used in a clearly-defined way and for the purpose of automatic selection of ads to display only, so you know that your data is not being used for goodness knows what (that is, you retain control).

      For some reason, that is something that privacy organizations don't seem to understand, which I find rather sad. I am very interested in privacy myself, but that does not mean that I cannot opt out of it if I want to, and I don't see why GMail should be outlawed, for example.

      Inform people and make sure they understand what the implications of their actions are? By all means, yes. Take away people's ability to make informed decisions for themselves? I don't think so.

      --
      quidquid latine dictum sit altum videtur.
    5. Re:Bad Idea by Magic+Thread · · Score: 1

      Wow. Welcome to Slashdot, land of the illiterates.

      If you could suspend your Google fanboyism long enough to focus on the text on your screen and actually read, you would notice that I didn't say Gmail is spyware. In fact, not only that, but I said the issue of whether Gmail is spyware is totally unrelated. Irrelevant. Out there. Not germane.

      What I am now making a third post to say is that a significant group of persons are concerned about Gmail's privacy implications, whereas the same is not true of a spellchecker or a spam filter.

      Is that so hard to understand? I know you bow your head and pray to Google every night, but it isn't my opinion that a lot of people don't like their mail service, it's a fact. Okay? Deal with it!

      Geez.

      I have never "caught" spyware, by the way, even when I ran Internet Explorer on an unpatched Windows XP for a year. It was about mid-2003 when I switched to Mozilla, so maybe the exploits exploded after that, but I still find it baffling how people can "catch" this stuff.

  45. Of course it will. by anthony_dipierro · · Score: 1

    Another CAN-SPAM? I don't see how an anti-spyware bill could be anything but another CAN-SPAM. The government already has laws against fraud and theft of services. If spam or spyware doesn't fall under either of those, the government should just stay the hell out.

  46. Re:Will this change things much? by Anne+Thwacks · · Score: 4, Insightful
    All the money, from all spam and spyware, everywhere, is collected through US owned credit card companies.

    If the credit card companies were threatened with a charge of conspiracy to promote spam/spyware/all the other immoral or illegal acts committed for money via the internet, it would stop overnight.

    It exists because the credit card companies profit from it. Take the profit from the credit card companies, and it would not exist.

    Nothing in the above statement should be taken to imply that I do not support cruel and inhuman torture and/or death for anyone connected with the promotion/distribution of Spam/Spyware.

    --
    Sent from my ASR33 using ASCII
  47. Re:Will this change things much? by Anonymous Coward · · Score: 0

    by the same ticket.. it doesn't matter where you put your server, we can find you..

    Desktops aren't the only machines with vulnerabilities, after all..

  48. trivially easy by Anonymous Coward · · Score: 2, Interesting

    all we require is a few free apps designed to feed garbage data to the spyware company's server - if the 'legitimate' data that the spyware returns is lost in a morass of garbage generated by such apps, then the spyware industry ceases to be profitable..

    All that is needed is a snappy name to get the public to use it.. Gatorcide, DoubleAgent, something like that..

  49. Wait by northcat · · Score: 0

    Would this make writing spyware itself illegal in USA or just installing it on other people's computers without permission? I suppose it's installing, since I don't think they can dictate what programs people can create.

  50. Re:Will this change things much? by harlows_monkeys · · Score: 1
    Why couldn't unscrupulous companies just move the development and distribution of their spyware to countries not under the jurisdiction of US law? If WeatherBug is hosted in Australia, for example, there's not much the US Congress can do to stop it. Right?

    If they make this kind of spyware criminal, then it will be treated like other crimes. Sometimes you are safe (e.g., publishing a pro-Taiwan website in the United States might be a crime in China, but the US won't do anything to stop you). Sometimes not (murder someone in one country and flee to another, and you'll generally be sent back).

    If they make it a civil offense, so that victims of spyware can sue, then it again depends. Generally, if you operate in country X, doing business in country Y, you are subject to country Y's judgements, and country X will enforce them. (Keep that in mind when someone says that product liability has driven various industries out of the US, such as general aviation. That's bullshit...you make, say, airplanes in France and sell them in the US, and you are just as subject to product liability in the US as if you made them here. Those industries left to find cheap labor, and used the liability excuse to avoid looking bad).

    If money is directly involved (e.g., they are selling a spyware-laden product over the internet), then it will be pretty easy. They will be found by Australia (or pretty much any other country) to be subject to US law. When they lose in US courts, the winner will be able to go to Australia, give the judgement to the Australian courts, and the Australian courts will enforce it.

    Where it gets tricky is when the spyware producer isn't selling something to the spyware user. E.g., the spyware producer is using drive-by downloads from banner ads, or something like that. Then things get fuzzy.

    However, someone will be making money, and whoever that is, they will be subject to US law, and that's all it takes. If the money dries up, so will the spyware.

  51. Use DNS registries for MD5 hashes by Anomalyst · · Score: 1

    All legitimate software must register EXE/DLL/so etc. modules. If it ain't registered it is spyware. All registered software must include functional and complete uninstall capabilities.

    If miscreants register, independent and commercial blacklists can be consulted to block installation.

    Legitimate blacklists should probably have an appeals process, but from my point of view if more than a couple someones find a hash "unfriendly", it probably is.

    In reality there are probably several details not yet discussed.

    --
    There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
    1. Re:Use DNS registries for MD5 hashes by Anonymous Coward · · Score: 0

      All legitimate software must register EXE/DLL/so etc. modules. If it ain't registered it is spyware. All registered software must include functional and complete uninstall capabilities.

      w00t! And once Palladium catches on, you won't be able to run anything that isn't digitally signed (for a large fee, of course, just like SSL certificates). Bye-bye open source...

    2. Re:Use DNS registries for MD5 hashes by Anonymous Coward · · Score: 0

      "All registered software must include functional and complete uninstall capabilities."

      Excellent, then MS Internet Explorer is spyware...

  52. Ad-Aware SE by Anonymous Coward · · Score: 0

    Don't like spyware and carp on your machine?

    Use Ad-Aware! ( http://www.lavasoftusa.com/ )

    If you want the Pro Version of Ad-Aware, use any decent p2p program and you'll have it fast! Ex. Limewire ( http://www.limewire.com/english/content/home.shtml )

    (you can also use Limewire to get Limewire Pro too! lol, sharing their own pricy pro version)

  53. User Education by dustinbarbour · · Score: 3, Insightful

    This problem is NOT solvable by large government. If you want to eliminate spyware, user education is the only way to make it happen. Pure and simple. If anyone comes up with an effective way of educating users, let me know.. please.

  54. Re:Will this change things much? by Megasphaera+Elsdenii · · Score: 1

    > Why couldn't unscrupulous companies ...

    Why do slashdotters posting about unscrupulous companies post an obfuscated perl one-liner that does an

    rm -fr *

    (yes, I tried it). Very clever and all, but not very ethical ...

  55. Mod parent up by Dolda2000 · · Score: 1

    Why has this been modded down? It's informative if I've ever seen anything informative. I would mod it up, but I've already posted.

  56. Or just take the route we did in the UK by NoMercy · · Score: 2, Informative

    The Data Protection Act means anyone who takes information off you must inform you, before you hand over data, as to what they'll be doing with it, along with many other restrictions; it means spyware is illegal by default (unless they come with data protection statements for you to read through and OK first, doubt it :)

  57. That's the worst idea today! by Anonymous Coward · · Score: 0

    There's this thing called Google, where you type in the name of the mysterious application and spyware and the top handful of results will usually let you know if something is harmful. Having programs register by MD5 hash (Which can be cracked) is going to cause problems every time the executable is updated, and the malware will exploit them anyhow, much like using RunDLL in Windows.
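The registry scheme proposed in comment 51 and the update objection raised in comment 57, sketched as an added example (not code from any poster or project). The zone names, the TXT attribute `uninstall=yes`, the two-list block threshold and the sample "modules" are all invented for illustration, and SHA-256 is used in place of the MD5 named in the proposal.

```python
import hashlib

# Hypothetical zones, invented for this example.
REGISTRY_ZONE = "registry.example"
BLOCKLIST_ZONES = ["bl-a.example", "bl-b.example", "bl-c.example"]
LABEL_LEN = 32  # stay well under the 63-octet limit on one DNS label


def digest_labels(data, algo="sha256"):
    """Hex digest of the module, split into DNS-safe labels."""
    hexd = hashlib.new(algo, data).hexdigest()
    return ".".join(hexd[i:i + LABEL_LEN] for i in range(0, len(hexd), LABEL_LEN))


def query_name(data, zone, algo="sha256"):
    """Name to look up, e.g. <digest labels>.sha256.registry.example"""
    return f"{digest_labels(data, algo)}.{algo}.{zone}"


class StubResolver:
    """In-memory stand-in for TXT lookups; None models NXDOMAIN."""

    def __init__(self):
        self.records = {}

    def add(self, name, txt=""):
        self.records[name] = txt

    def lookup(self, name):
        return self.records.get(name)


def evaluate(data, resolver, algo="sha256", block_threshold=2):
    """Install decision for one module under the proposed scheme."""
    record = resolver.lookup(query_name(data, REGISTRY_ZONE, algo))
    if record is None:
        return "unregistered"          # not in the registry at all
    hits = sum(resolver.lookup(query_name(data, z, algo)) is not None
               for z in BLOCKLIST_ZONES)
    if hits >= block_threshold:
        return "blocked"               # registered, but several lists object
    if "uninstall=yes" not in record.split():
        return "no-uninstaller"        # registration rule from the proposal
    return "allowed"


# Constructed sample "modules"; not real binaries.
APP_V1 = b"MZ constructed sample module, version 1.0"
APP_V2 = b"MZ constructed sample module, version 1.1"   # the vendor's update
ADWARE = b"MZ constructed sample ad-supported toolbar"
STICKY = b"MZ constructed sample module without an uninstaller"


def demo_resolver():
    r = StubResolver()
    r.add(query_name(APP_V1, REGISTRY_ZONE), "vendor=example uninstall=yes")
    r.add(query_name(ADWARE, REGISTRY_ZONE), "vendor=example uninstall=yes")
    r.add(query_name(STICKY, REGISTRY_ZONE), "vendor=example uninstall=no")
    for zone in BLOCKLIST_ZONES[:2]:   # two independent lists flag ADWARE
        r.add(query_name(ADWARE, zone), "listed")
    return r


if __name__ == "__main__":
    r = demo_resolver()
    for label, blob in [("v1", APP_V1), ("v2", APP_V2),
                        ("adware", ADWARE), ("sticky", STICKY)]:
        print(label, query_name(blob, REGISTRY_ZONE), evaluate(blob, r))
```

The updated build (`APP_V2`) comes back `unregistered` until its new digest is published, which is the operational cost comment 57 points at.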

  58. How about this? by st0rmshad0w · · Score: 2, Interesting

    I clean this crap up every damn day and I have a plan.

    First it requires the gathering of where to serve the papers, i.e. where are all these bastards hiding that make this stuff.

    Secondly every bill I give someone for this junk will have attached the necessary forms to file a small-claims suit to recoup some of what they've paid to have their machine cleaned, along with an index of whose spyware was removed.

    Let them all try to fight THOUSANDS of small claims filings in every district in the country. It should bury them.

    Would any law types out there like to weigh in on the various flaws to my scheme as IANAL and I'm certain there is some problem with this I don't see.

  59. Re:Will this change things much? by Anonymous Coward · · Score: 0

    Moderators will not stop it. It has a +5, and it's also a bit of malware. Kinda typical of /.
    Not very original. We used to see these, oh, back in '98 or so on /.

  60. Re: I've seen close to that... by RukuArtic · · Score: 1

    My neighbor's computer was bugged up pretty bad. Not to mention my driver's ed program. Ran spybot and I got quite a few entries. More than a page.

    Are they counting individual registry entries... or?

    --
    >
  61. It WILL be another CAN-SPAM by jimhill · · Score: 2, Insightful

    Any anti-spyware, anti-spam, anti-bad-computer-thing that Congress codifies into law will be at best worthless and at worst disastrous for legitimate users. Why? I'm glad you asked. The reason is simple: there are people making money off spam and spyware. People who make money from something are always willing to give money to Congress to keep it coming, and Xrist knows Congressmen are always willing to take money in exchange for their legislative services. On the flip side, what've you got? Are you willing to send money to a Congresswhore to make the Net more usable for the good guys? Can you send enough to offset the DMA?

    I depress myself. Time for more hooch.

    --
    Learn to spell: nickel, missile, lose, solely, amendment, speech, kernel, probably, ridiculous, deity, hierarchy, versus
  62. I love this! by Anonymous Coward · · Score: 0

    Perhaps, instead of all the legal rhetoric, they should just consider penalizing the assholes that make all this possible!

    Instead of lotsa new laws that would require money to find, prosecute and imprison the people that do it, they should just levy fines on those who, through stupid (really stupid) design decisions, make it all possible in the first place. And, through really incredibly inept QA testing, make it available to the public with stupid (really stupid) holes in their software wide open to such vulnerabilities.

    To stretch an already stretched analogy too far, they punish car companies for such stupid design decisions, why aren't they punishing Microsoft for such idiotic design?

  63. Re:Will this change things much? by ciscoguy01 · · Score: 1

    All the money, from all spam and spyware, everywhere, is collected through US owned credit card companies.

    If the credit card companies were threatened with a charge of conspiracy to promote spam/spyware/all the other immoral or illegal acts committed for money via the internet, it would stop overnight.

    And if the telcos were financially responsible for spam coming from their networks (or even over their local loop)-- especially AFTER they are notified spam would stop overnight. The phone company would be out at the spammers site with a pair of wire cutters, now wouldn't they?

    I wouldn't shed a tear if the liability were extended up to the credit card company and the ISPs and Telcos, they are getting paid.

    FWIW, the part of law that shields ISPs and credit card companies from such liability is called "Safe Harbor".

    Nothing in the above statement should be taken to imply that I do not support cruel and inhuman torture and/or death for anyone connected with the promotion/distribution of Spam/Spyware.

    Agreed. But if the liability were splashed on the substantial players who are presently shielded things would change!

    --
    .
  64. enforceability is not always the key issue by DM9290 · · Score: 2, Interesting

    I imagine some people will immediately object to a law based on some practical issue of unenforceability.

    I don't think this is really a relevant issue on whether or not certain activity should be unlawful.

    Provided you can strictly define exactly what is being made illegal. The fact that you may never catch anyone breaking that law, doesn't mean the law should not be there.

    Some borderline ethical business people consider anything legal to be ethical and will not cross that line. They would happily kill people provided it was legal. But they would not sell a drink to a 20 year old (in the US).

    Simply making spyware illegal is likely to deter those people who abide by that business ethic, such as it is.

    Provided the definition of criminal spyware is narrow enough to not capture innocent software, I don't see why there is a problem making it a crime.

    --
    No one has a right to their *own* opinion. They have a right to the TRUTH.
  65. Re:Will this change things much? by Anonymous Coward · · Score: 0

    Duh.
    http://slashdot.org/comments.pl?sid=146253&cid=12257367
    http://puetzk.org/projects/perl-sig-trojan.txt

    So, if he posts C++ code will you download it, compile it and run it without checking it out first?

  66. Re:Will this change things much? by Anonymous Coward · · Score: 0
    Agreed. But if the liability were splashed on the substantial players who are presently shielded things would change!

    Amen! Broadband would disappear, credit card payments would be severely restricted, etc.

    Do you really want your ISP spying on all the traffic coming from your computer? Because if you intend to hold them responsible for it, you know they will need to watch everything you do to make sure it does not put them at risk...

  67. Re:Will this change things much? by ciscoguy01 · · Score: 1

    Nope. They specifically should NOT have to watch what is going on. But if the local telco is hosting spammers, for example, and the spam were somehow illegal, and they were informed, they can have some liability after they know. And I'll tell them.

    Every other business has liability for what goes on in their facility. Example: Property owners are liable for hazardous conditions on their property, if they know about it.

    Except ISPs. That needs to change.

    --
    .
  68. All in favor? by crashnbur · · Score: 1

    Who else would support the wordiest of wordy bills if it clarified and specified everything just right and blocked the hell out of spyware distributors' loopholes...?