Slashdot Mirror

← Back to Stories (view on slashdot.org)

Congress Debates Anti-Spyware Bill

Posted by timothy on from the officialization-has-a-downside dept.

Spy der Mann writes "An anti-spyware bill could clear the U.S. House of Representatives as early as next week, but there are disagreements on how to define the term 'spyware.' A wrong decision could end up in two opposite directions: Either a law too restrictive for legitimate companies, or a "safe harbor" for some malicious spyware distributors. Could this become another CAN-SPAM?"

4 of 180 comments (clear)

  1. Wow! by janek78 · · Score: 5, Insightful

    From TFA: The average "infected" computer had more than 90 spyware and adware programs.

    I doubt I have that many legitimate programs installed in my computer and I don't think these guys have either. The thought that their computers contain more spyware than software is scary.

    I don't believe that a law can change this though. It might decrease the number of US based spyware companies, but I doubt the effect will be noticeable.

    More secure browsers and user education seem like a better solution.

  2. Re:whisky tango foxtrot by Rosco+P.+Coltrane · · Score: 5, Insightful

    It's not windows fault that there is spyware.

    Yes. Most other OSes generally don't let foreign programs run willy-nilly and do things behind users' backs.

    It's idiots who buy products that are being advertised. If you stop buying penis enlargement pills, etc. Spam would stop.

    Spam != spyware.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  3. The final solution by archevis · · Score: 5, Funny

    Could somebody please patent spyware/adware and start suing...?

  4. Re:whisky tango foxtrot by Anonymous Coward · · Score: 5, Informative
    its real easy to see what auto starts, 2 registry keys and one folder in the start menu

    Um, no:

    Some info from http://www.nohack.net/methods.htm


    1. Start Menu\Programs\StartUp {English}
      The Shell=Explorer.exe line in system.ini
      The load= line in win.ini Under the [windows] section.
      The run= line in win.ini Under the [windows] section.
      Hkey_Local_Machine\Software\Microsoft\Wi ndows\Curr entVersion\Run
      Hkey_Local_Machine\Software\Micros oft\Windows\Curr entVersion\RunOnce
      Hkey_Local_Machine\Software\Mi crosoft\Windows\Curr entVersion\RunOnceEx
      Hkey_Local_Machine\Software\ Microsoft\Windows\Curr entVersion\RunServices
      Hkey_Local_Machine\Softwar e\Microsoft\Windows\Curr entVersion\RunServicesOnce
      Hkey_Local_Machine\Sof tware\\Microsoft\Windows\Cur rentVersion\RunOnceEx\000x "RunMyApp"="||notepad.exe"
      Hkey_Current_User\Soft ware\Microsoft\Windows\Curre ntVersion\Run
      Hkey_Current_User\Software\Microsof t\Windows\Curre ntVersion\RunOnce
      Hkey_Current_User\Software\Micr osoft\Windows\Curre ntVersion\RunServies
      The [386enh] section of system.ini (this includes the scrnsave.exe= line in system.ini which can be used to run things on your system.
      The [boot] section of system.ini (this includes the scrnsave.exe= line in system.ini which can be used to run things on your system
      The IOSUBSYS folder (drivers load automatically)
      The VMM32 folder (drivers that take precedence over those built into vmm32.vxd)
      config.sys
      autoexec.bat
      winstart.bat
      wininit.ini

    That's 20(!), and I havent' even gotten into stuff like this:

    [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*"
    The key should have a value of Value "%1 %*".
    Backdoor example:
    [HKEY_CLASSES_ROOT\exefile\shell\open\co mmand] @="\"trojan.exe %1\" %*"

    With such registry entries, the trojan.exe is executed each time an *.exe is executed. /blockquote .. and there are versions of that for .com, .bat, .hta, .pif.

    And of course, "If a trojan installs itself as c:\explorer no run keys or other start-up entries are needed."

    So, quit the BS about " 2 registry keys and one folder".