Slashdot Mirror


Congress Debates Anti-Spyware Bill

Spy der Mann writes "An anti-spyware bill could clear the U.S. House of Representatives as early as next week, but there are disagreements on how to define the term 'spyware.' A wrong decision could end up in two opposite directions: Either a law too restrictive for legitimate companies, or a "safe harbor" for some malicious spyware distributors. Could this become another CAN-SPAM?"

38 of 180 comments

  1. It's like porn.... by Anonymous Coward · · Score: 4, Insightful

    Spam and Spyware are like Porn - Hard to define, but you know it when you see it.

    1. Re:It's like porn.... by Rosco+P.+Coltrane · · Score: 2, Funny

      Spam and Spyware are like Porn - Hard to define, but you know it when you see it.

      I didn't realize those dirty jpegs and avis reported keystrokes to Natalie Portman...

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:It's like porn.... by m50d · · Score: 2, Informative

      Porn has a very clear definition - material where the primary purpose is erotic i.e. arousing the viewer.

      --
      I am trolling
    3. Re:It's like porn.... by jimmyCarter · · Score: 2, Informative

      Porn has a very clear definition - material where the primary purpose is erotic i.e. arousing the viewer.

      The parent was actually a reference to Supreme Court Justice Potter Stewart's quote from the obscenity case of Jacobellis v. Ohio.

      --

      -- jimmycarter
    4. Re:It's like porn.... by Toby_Tyke · · Score: 2, Insightful

      Porn has a very clear definition - material where the primary purpose is erotic i.e. arousing the viewer.

      "You mean like every single commercial I've ever seen?" - Bill Hicks

      I have a copy of Micro Mart next to my keyboard, featuring an ad for Arctic Silver thermal paste. The ad features a picture of a woman in a skimpy bikini. I don't think she has an awful lot to do with the paste, and I am forced to conclude that the picture was included simply to try and arouse the viewer, thereby encouraging him to look at the ad. Does that mean the ad is pornographic?

      --
      "I realise this is not a very popular opinion but it's the truth, and therefore needs to be said" -Bill Hicks
  2. too restrictive??? by xlyz · · Score: 3, Insightful


    What is happening on my PC isn't the business of anybody else. Period.

  3. Re:whisky tango foxtrot by Rosco+P.+Coltrane · · Score: 4, Funny

    And they plan to enforce this... how?

    One effective way to enforce this would be to render Windows illegal to use across the nation...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  4. Wow! by janek78 · · Score: 5, Insightful

    From TFA: The average "infected" computer had more than 90 spyware and adware programs.

    I doubt I have that many legitimate programs installed in my computer and I don't think these guys have either. The thought that their computers contain more spyware than software is scary.

    I don't believe that a law can change this though. It might decrease the number of US based spyware companies, but I doubt the effect will be noticeable.

    More secure browsers and user education seem like a better solution.

  5. pointless by slackadmin · · Score: 3, Insightful

    Last time I checked, fraud was illegal too, but guess what...

    --
    Life is pleasant. Death is peaceful. It's the transition that's troublesome. - Isaac Asimov
    1. Re:pointless by jimmyCarter · · Score: 2, Insightful

      I think that's a silly argument. Rapes still happen, but should we do away with the laws that make rape illegal?

      --

      -- jimmycarter
  6. Would this be... by Radar|TGS · · Score: 4, Funny

    the CAN-SPY act?

  7. Computers appliances by magarity · · Score: 4, Insightful

    This article is just begging for a slightly condescending comment about how computers are not yet plug-n-go appliances that the public should be allowed to own without training and/or licensing. But where to point the blame... consumers, most of whom don't know how to change their car's oil or other equivalent activities to computer preventive maintenance? Microsoft (the Slashdot favorite whipping boy) for making it easy to use a computer without knowing anything more than 'click the E for internet'? Dell, for making computers as cheap as appliances? Lawmakers, who think they can wave a legislative wand and make internet miscreants (spammers, bot networkers, spyware writers) behave?

  8. Re:Legitimate companies? by TekGoNos · · Score: 4, Insightful
    "Spyware is a catchall term used to describe programs that stealthily install themselves on computers."
    What legitimate use has software that doesn't inform about its presence -- let alone hides it?

    Well, video codecs come to my mind; they are stealthily downloaded and installed by the media player.

    And most spyware doesn't install so stealthily; at one point the user has to click yes on a dialog (a very obscure dialog it is). So a lawyer could always argue that the installation wasn't stealthy and that the product therefore isn't spyware.

    --
    I have discovered a truly remarkable proof for my post which this sig is too small to contain.
  9. Re:whisky tango foxtrot by rpozz · · Score: 2, Insightful

    Spyware is like a trojan. Treat it that way. If a company tricks you into installing a piece of intrusive software that monitors the actions on your computer, then they should be punished in the same way as if it was a virus.

    Enforcing this internationally is a bit more tricky though.

  10. proper definition... by John+Seminal · · Score: 3, Insightful
    there are disagreements on how to define the term "spyware". A wrong decision could end up in two opposite directions: Either a law too restrictive for legitimate companies, or a "safe harbor" for some malicious spyware distributors

    Congress should define spyware as any code that runs on your machine that you did not agree to instal (So if I instal FreeGamePack, I expect to get FreeGamePack and not HiddenBackdoorTrojan. I agreed to instal one but not the other). I remember installing debian once, and it had a list of over 1000 packages, each with a description. I would like to see Windows do that, give me choice. Do you want the Internet Explorer pack? Do you want the Netscape pack? Do you want the Mozilla pack?

    The second part of the definition is the software is not allowed to communicate to any other machines unless the owner of his machine allows it. That would kill RealPlayer and their crappy hidden settings.

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

    1. Re:proper definition... by Fnkmaster · · Score: 3, Insightful

      The problem though is defining a concept like consent without placing overreaching restrictions on software developer's freedoms. I mean, the majority of spyware currently obtains your consent in some way to install itself - buried in term number 11, section 3b of the click-through EULA, it is disclosed that you hereby give consent for Claria to install Gator, for example. Of course, they know nobody has enough hours in the day to read EVERY EULA put in front of them, so of course no real consent is ever formed.

      Any third party product that is not functionally necessary for the application a user believes they are installing should be legally required to be a separable item in the installation process that you must opt-in, not opt-out, from. Sure, such a definition can be worked around by a malicious organization by making the spyware linked in like any old software library and claim it is functionally necessary for the advertised features of the software, but since such a connection would constitute an obvious attempt at circumvention, it should be easily thrown out by a judge at his or her discretion. Ultimately, any of these laws will require some of that kind of subjective precedence-setting to establish an enforcement regime.

      I would also like to see any modification of already-installed software on your computer require separate, explicit permission-gathering steps from the user (i.e. fucking with DNS a la new.net, or installing components into your browser toolbar). Any modifications those components make to content or user experience should be explicitly and clearly disclosed in that step, as well as any information gathered by said components for transmission back to the author or other third party.

    2. Re:proper definition... by John+Seminal · · Score: 2, Informative
      Any third party product that is not functionally necessary for the application a user believes they are installing should be legally required to be a separable item in the installation process that you must opt-in, not opt-out, from.

      I like this! And while we are at it, have every piece of software have some easy way of uninstalling it and every component. Most of the worst spyware is hidden, and difficult to remove. I had a friend with a registry setting to reset his browser to go to www.imakemoney.com or something like that. You find the program, delete it, but forget there is a setting in the registry which brings it back.

      A friend installed AOL on their computer. While AOL was installing, so did Real Player. I thought WTF is this, where did it come from. So I uninstalled it. The next time I went to his house, there it was again, Real Player. So I uninstalled it again, and watched as he logged back in. As soon as he was done, and disconnected from AOL, he got "Please wait... we are installing an important upgrade".

      --

      Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

    3. Re:proper definition... by timmyf2371 · · Score: 2, Interesting
      The problem though is defining a concept like consent without placing overreaching restrictions on software developer's freedoms. I mean, the majority of spyware currently obtains your consent in some way to install itself - buried in term number 11, section 3b of the click-through EULA, it is disclosed that you hereby give consent for Claria to install Gator, for example. Of course, they know nobody has enough hours in the day to read EVERY EULA put in front of them, so of course no real consent is ever formed.

      This is hardly an excuse.

      Let's imagine for a moment that EULAs are legally-enforceable contracts, which they are in Scotland.

      Would you say the same thing about any other legally-enforceable contract such as a credit agreement or an employment contract?

      When agreeing to a contract, whether by signature or by electronic signature, you should always read all the terms of the contract you are agreeing to; otherwise if/when things go "wrong" it is the person who agreed to the contract in the first instance who is at fault and no-one else.

      Now, the only way I could theoretically see the inclusion of spyware by EULA being ruled illegal would be by something similar to the UK's Unfair Contract Terms Act - I'm not sure whether there is something similar in the US; however, it could potentially be argued in a court that the inclusion of such applications would be an unfair contract term; however, there are no such rules set in stone as to what is and what isn't an unfair term.

      --

      Backup not found: (A)bort (R)etry (P)anic
  11. Why TF? by Sebilrazen · · Score: 2, Funny
    Don't the powers that be require that any installable must first seek permission to do so?

    "I'm about to install porn_dialer_v1.69.exe, Click OK to continue"

    --
    "There are no facts, only interpretations." --Friedrich Nietzsche.
    1. Re:Why TF? by johannesg · · Score: 2, Insightful
      You know it won't look like this. It will be more like

      "You are about to install MSCFGT38.EXE. Installation of this program will improve your browsing experience, and is required to access this website."

      The fact that it is some sort of auto-dialer that connects to a foreign country at a rate of $65/min won't really get mentioned.

      Personally I blame Microsoft. They have been trying to hide what the computer is doing for years, undoubtedly out of some misguided notion that when you don't name the problems that you have they will somehow be less severe, even though all it does is frustrate support people.

  12. Re:"Another CAN-SPAM" by compm375 · · Score: 2, Funny

    It's working perfectly. It says that people can spam, right? I thought that was pretty obvious though that people are able to spam.

  13. Re:whisky tango foxtrot by Rosco+P.+Coltrane · · Score: 5, Insightful

    It's not windows fault that there is spyware.

    Yes. Most other OSes generally don't let foreign programs run willy-nilly and do things behind users' backs.

    It's idiots who buy products that are being advertised. If you stop buying penis enlargement pills, etc. Spam would stop.

    Spam != spyware.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  14. It seems to me... by wingsofchai · · Score: 3, Insightful

    That trying to eliminate spyware is something like the attempt to eliminate P2P...pretty much pointless and ineffective. It's really a user issue...people just have to be smart about what they install, it's really not hard to avoid the really bad spyware...

    --
    Reading at high threshold levels is group-think.
  15. Re:whisky tango foxtrot by CSMastermind · · Score: 2, Funny

    Originally posted by rpozz:
    Enforcing this internationally is a bit more tricky though.

    That's what our military is for.

  16. The final solution by archevis · · Score: 5, Funny

    Could somebody please patent spyware/adware and start suing...?

  17. It's Congress, they can solve any problem by John+Seminal · · Score: 2, Interesting
    And they plan to enforce this... how?

    Maybe they will start by making all spyware illegal. Then they will notice most of it will come from servers outside the USA. So the next step might be to make software inside the USA incompatible with software outside the USA. Maybe a region lock on all computers, so it can only play software from your country code.

    If you want to get a machine which plays region 2 software, do so at your own risk. But I will be safe with my Congress approved region 1 computer. ;) Maybe Congress will even force computers to have a chip on the motherboard, like the Play Station. 90% of people with a play station didn't modify their machine at the hardware level. It is too much work. Congress can make it more difficult to do any activity, and they can increase the penalty. At some point the risk gets too high and the reward is not high enough.

    Seriously, there is an easy way to enforce this law. It is with treaties. The USA can force smaller countries to agree not to import into the USA software with spyware. I dunno about the rest of you, but I would HATE to get caught doing ANYTHING wrong in Hong Kong or some country where they will whip me. Remember, the FBI did find that kid in the Philippines who wrote the virus a few years ago. He used a public computer to release it, but they tracked him somehow. And now he is in a third world prison.

    --

    Rosco: "If brains were gunpowder, Enos couldn't blow his nose."

  18. If you do business in the US by Sycraft-fu · · Score: 4, Insightful

    You are subject to US law. Now at some point, these people probably have a US stopping point. Maybe the authors are entirely foreign, but the ad companies that pay them to make it probably aren't. What good does an ad do if it's for something you can't buy in that country? I'm betting somewhere along the chain, there are people in the US that can be held responsible. In most cases, I'm betting the companies are US based.

    It's also possible the US could seek extradition over this. You can't run to a foreign country and hide, if those countries have extradition treaties. I'm not sure they'd bother for something like this, and the other nations might refuse to extradite if it wasn't against their own laws, but it's also a possibility.

  19. CAN-SPY bill? by Lead+Butthead · · Score: 3, Insightful

    There are too many special interests involved; whatever law(s) get crafted will have loopholes the size of oil tankers just to satisfy the needs of the said special interests.

    Windows XP appears to track program usage (see add/remove program in control panel.) Do you honestly think that M$ keeps that information for entertainment purposes? I consider it without a doubt a market research tool, although I am also certain others would consider it a useful end-user tool. Does that count as spyware? You can be damn sure M$ will make sure the crafted law(s) exclude that as spyware.

    In short, "screwed, we are now."

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  20. Bad Idea by Maxwell'sSilverLART · · Score: 3, Insightful

    Could this become another CAN-SPAM?

    CAN (sorry, couldn't resist) and will.

    Seriously, this is an outstanding example of why legislative control is at best worthless, and more likely actively harmful. There's an old legal saying that "good cases make bad law." That is, when we try to achieve a just result in a particular case, we end up with a law that may serve that end well, but ultimately creates more problems than it solves.

    This goes double when the law concerns technology. The tech world is noted for the rapidity with which it advances; the legal world is noted for its resistance to change and advancement. When the latter regulates the former, it will inevitably lead to a stifling of future development. Definitions and phraseology become hyper-critical. For example, let's look at "spyware." How do you define it? What would you call a program that quietly looks at everything you type, taking note of some words as being particularly interesting? I'd call it a spellchecker. How about a daemon that goes through your e-mail and reports back to an agent information about how many e-mails you get from a particular sender, what kind of things you talk about, etc.? I'd call it an adaptive mail filter (Bayesian or similar). How about a webmail service that looks at your e-mail, analyzes it, and uses that analysis to present advertisements relevant to you? I think the term for that is Gmail.

    Yes, these examples are contrived; I deliberately chose them to demonstrate a point. I'm trying to show that even the best-intentioned law can have dramatic effects down the line, effects that we can't even begin to predict. There's another truism in law that if the case goes to court, the lawyers have already failed. The principle holds true here as well: if the Legislature gets involved, there are no winners, only losers.

    --
    Moderate drunk! It's more fun that way!
  21. Re:Will this change things much? by Anne+Thwacks · · Score: 4, Insightful
    All the money, from all spam and spyware, everywhere, is collected through US owned credit card companies.

    If the credit card companies were threatened with a charge of conspiracy to promote spam/spyware/all the other immoral or illegal acts committed for money via the internet, it would stop overnight.

    It exists because the credit card companies profit from it. Take the profit from the credit card companies, and it would not exist.

    Nothing in the above statement should be taken to imply that I do not support cruel and inhuman torture and/or death for anyone connected with the promotion/distribution of Spam/Spyware.

    --
    Sent from my ASR33 using ASCII
  22. trivially easy by Anonymous Coward · · Score: 2, Interesting

    all we require is a few free apps designed to feed garbage data to the spyware company's server - if the 'legitimate' data that the spyware returns is lost in a morass of garbage generated by such apps, then the spyware industry ceases to be profitable..

    All that is needed is a snappy name to get the public to use it.. Gatorcide, DoubleAgent, something like that..

  23. User Education by dustinbarbour · · Score: 3, Insightful

    This problem is NOT solvable by large government. If you want to eliminate spyware, user education is the only way to make it happen. Pure and simple. If anyone comes up with an effective way of educating users, let me know.. please.

  24. Re:whisky tango foxtrot by Anonymous Coward · · Score: 5, Informative
    it's real easy to see what auto starts, 2 registry keys and one folder in the start menu

    Um, no:

    Some info from http://www.nohack.net/methods.htm


    1. Start Menu\Programs\StartUp {English}
      The Shell=Explorer.exe line in system.ini
      The load= line in win.ini Under the [windows] section.
      The run= line in win.ini Under the [windows] section.
      Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run
      Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunOnce
      Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
      Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunServices
      Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
      Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\000x "RunMyApp"="||notepad.exe"
      Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run
      Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\RunOnce
      Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\RunServices
      The [386enh] section of system.ini (this includes the scrnsave.exe= line in system.ini which can be used to run things on your system)
      The [boot] section of system.ini (this includes the scrnsave.exe= line in system.ini which can be used to run things on your system)
      The IOSUBSYS folder (drivers load automatically)
      The VMM32 folder (drivers that take precedence over those built into vmm32.vxd)
      config.sys
      autoexec.bat
      winstart.bat
      wininit.ini

    That's 20(!), and I haven't even gotten into stuff like this:

    [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*"
    The key should have a value of Value "%1 %*".
    Backdoor example:
    [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"trojan.exe %1\" %*"

    With such registry entries, the trojan.exe is executed each time an *.exe is executed.

    .. and there are versions of that for .com, .bat, .hta, .pif.

    And of course, "If a trojan installs itself as c:\explorer no run keys or other start-up entries are needed."

    So, quit the BS about " 2 registry keys and one folder".
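
Added example, not part of the comment above or of the page it cites: a small offline audit of the start-up locations that comment lists, run over constructed `win.ini`, `system.ini` and `.reg` export text. The function names and sample data are hypothetical, and the stock `"%1" %*` handler value is assumed to apply to `comfile`, `batfile` and `piffile` as well as the `exefile` key the comment shows.

```python
import configparser
import re

# Registry start-up keys named in the comment, matched case-insensitively.
RUN_KEY = re.compile(
    r"^hkey_(local_machine|current_user)\\software\\microsoft\\windows"
    r"\\currentversion\\(run|runonce|runonceex|runservices|runservicesonce)(\\.*)?$")
# File-type handlers; .hta is left out because its stock handler is a different command.
HANDLER = re.compile(r"^hkey_classes_root\\(exe|com|bat|pif)file\\shell\\open\\command$")
EXPECTED_HANDLER = '"%1" %*'   # value given in the comment for exefile (assumed for the rest)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
INI_AUTOSTART = {
    "win.ini": [("windows", "load"), ("windows", "run")],
    "system.ini": [("boot", "shell"), ("boot", "scrnsave.exe")],
}

def unescape(s):
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)

def audit_reg(text):
    """Return (kind, key, value name, data) for start-up values and altered handlers."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        if RUN_KEY.match(key.lower()):
            hits.append(("autostart", key, name, data))       # listed for review
        elif HANDLER.match(key.lower()) and name == "(Default)" and data != EXPECTED_HANDLER:
            hits.append(("handler-hijack", key, name, data))  # differs from stock value
    return hits

def audit_ini(name, text):
    """Return (file, section, key, value) for non-empty start-up lines in an .ini file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    hits = []
    for section, key in INI_AUTOSTART.get(name, ()):
        value = cp.get(section, key, fallback="").strip()
        if key == "shell" and value.lower() == "explorer.exe":
            continue  # the stock Shell=Explorer.exe line
        if value:
            hits.append((name, section, key, value))
    return hits

# Constructed sample data, not taken from a real machine.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTray"="C:\\WINDOWS\\System32\\systray.exe"
"WebHelper"="C:\\Program Files\\WebHelper\\wh.exe /quiet"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="C:\\TEMP\\inst.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Unrelated"="1"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"trojan.exe %1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''
SAMPLE_WIN_INI = r'''[windows]
load=
run=C:\WINDOWS\TEMP\helper.exe
'''
SAMPLE_SYSTEM_INI = r'''[boot]
shell=Explorer.exe
scrnsave.exe=C:\WINDOWS\blank.scr
[386Enh]
device=*vshare
'''

if __name__ == "__main__":
    findings = (audit_reg(SAMPLE_REG) + audit_ini("win.ini", SAMPLE_WIN_INI)
                + audit_ini("system.ini", SAMPLE_SYSTEM_INI))
    for finding in findings:
        print(" | ".join(finding))
```

Start-up entries are reported for review rather than judged; only a file-type handler that differs from the stock value is labelled as a hijack.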

  25. Re:whisky tango foxtrot by Dolda2000 · · Score: 4, Insightful
    Most other OSes generally don't let foreign programs run willy-nilly and do things behind users' backs.
    What OS(es) would that be? GNU/Linux/UNIX? Just place your spyware in the user's ~/.profile.

    Of course, there are many spyware programs that make their way into users' computers through holes in IE/DCOM/SMB/ActiveX/what have you, but the fact of the matter is that the majority of spyware comes with other programs, like Kazaa. That means that the user is willfully installing it. Sure, they may not know about it, but that doesn't mean they're not installing it by their own decision. There's nothing in any other OS that would prevent the user from doing that.

    The reason why there's no spyware on Linux is not primarily that Linux isn't yet as popular as Windows, as many others suggest. The reason why there's no spyware on Linux (yet) is that most people run free software on their Linux systems, and free software developers... well, don't normally bundle spyware with their programs. If or when proprietary software ever gets popular with Linux, I'll assure you that you'll see an increase in spyware for Linux.

    However, mind you that there's nothing inherent in Linux itself to stop it. Any such thing would just prevent the user from doing stuff, and would therefore be hindering users.

    Autopackage has a lot of text on this.

  26. Or just take the route we did in the UK by NoMercy · · Score: 2, Informative

    Data Protection Act means anyone who takes information off you must inform you before you hand over data as to what they'll be doing with it along with many other restrictions, it means spyware is illegal by default (unless they come with data protection statements for you to read through and ok first, doubt it :)

  27. How about this? by st0rmshad0w · · Score: 2, Interesting

    I clean this crap up every damn day and I have a plan.

    First it requires the gathering of where to serve the papers, i.e. where are all these bastards hiding that make this stuff.

    Secondly every bill I give someone for this junk will have attached the necessary forms to file a small-claims suit to recoup some of what they've paid to have their machine cleaned, along with an index of whose spyware was removed.

    Let them all try to fight THOUSANDS of small claims filings in every district in the country. It should bury them.

    Would any law types out there like to weigh in on the various flaws to my scheme as IANAL and I'm certain there is some problem with this I don't see.

  28. It WILL be another CAN-SPAM by jimhill · · Score: 2, Insightful

    Any anti-spyware, anti-spam, anti-bad-computer-thing that Congress codifies into law will be at best worthless and at worst disastrous for legitimate users. Why? I'm glad you asked. The reason is simple: there are people making money off spam and spyware. People who make money from something are always willing to give money to Congress to keep it coming, and Xrist knows Congressmen are always willing to take money in exchange for their legislative services. On the flip side, what've you got? Are you willing to send money to a Congresswhore to make the Net more usable for the good guys? Can you send enough to offset the DMA?

    I depress myself. Time for more hooch.

    --
    Learn to spell: nickel, missile, lose, solely, amendment, speech, kernel, probably, ridiculous, deity, hierarchy, versus
  29. enforceability is not always the key issue by DM9290 · · Score: 2, Interesting

    I imagine some people will immediately object to a law based on some practical issue of unenforceability.

    I don't think this is really a relevant issue on whether or not certain activity should be unlawful.

    Provided you can strictly define exactly what is being made illegal. The fact that you may never catch anyone breaking that law, doesn't mean the law should not be there.

    Some borderline ethical business people consider anything legal to be ethical and will not cross that line. They would happily kill people provided it was legal. But they would not sell a drink to a 20 year old (in the US).

    Simply making spyware illegal is likely to deter those people who abide by that business ethic, such as it is.

    Provided the definition of criminal spyware is narrow enough to not capture innocent software, I don't see why there is a problem making it a crime.

    --
    No one has a right to their *own* opinion. They have a right to the TRUTH.