Spyware battles defenseware for control of your PC.
Recently, a letter writer took me to task for claiming that the spam we receive is sometimes linked to the Web sites we visit. “This is impossible,” the reader claimed. “Unless we are foolish enough to give sites our e-mail address in a form, there is no earthly way for a site to figure out a users’ e-mail address.” I wish this were true. The fact is, there is a type of software that can capture a lot more than just your e-mail address. Spyware, which is embedded in your hard drive through cookies, can capture keystrokes, URLs, friends’ e-mail addresses, etc. Once the offending software sends the information to its originator, this information is bought, sold, traded and otherwise used to for the sake of targeted marketing (or more malicious purposes).
Nelson King, a 20-year analyst and columnist for CU and now our editor at large, wrote a great article on spyware in our May issue, which should be hitting newsstands as you read this. In the story he shows how to combat spyware with defenseware. The latter periodically finds spyware and removes it from your machine. Because spyware can be added to your machine without your knowledge or permission from any number of reputable sites, protecting yourself from spyware on a daily basis is as important as regularly updating your antivirus software.
In fact, spyware is very similar to virus malware–intentionally planted software that does damage to your computing experience. Both types of software commit acts akin to breaking and entering. Spyware plants surveillance systems in your computing home; viruses typically commit vandalism in your PC home. They sometimes are combined–spyware Trojan horses can be planted through an e-mail virus. The difference is that spyware is legal and viruses are technically illegal, though the crimes are rarely enforced. This is why the preferred delivery mechanism for spyware is through cookies, because there is no legal risk to the intruder.
A bill introduced in 2000 by Sen. John Edwards and reintroduced in 2001 as part of a larger privacy act never made it very far. The powerful marketing and e-commerce lobbies have killed any and all proposed privacy legislation, with the exception of kids provisions (which have been watered down by the FTC). They always claim that they can police themselves, which is about as ludicrous as Enron executives claiming that they could police themselves, thus their actions should be legalized and their industries deregulated. (Sadly, Enron was successful in lobbying every level of government to get what it wanted.) The good news is, a new privacy bill, which makes opt-in the standard, shows signs of future success. Though it makes no explicit mention of spyware, opt-in provisions would effectively kill spyware as a legal marketing practice.
Critics of the measure, who again claim that they can police themselves, should read our news story on spyware from last Wednesday. In the story, a new kind of malware–antidefenseware–has cropped up. LavaSoft, makers of the free adWare product referred to in Nelson’s story, has found that RadLight, a popular streaming media software, removes AdWare when it’s loaded. Why? Because its maker wants to enable its partners–makers of Divx movies delivered over the Web–to see the users’ movie tastes so that they can target marketing toward them. They don’t want defenseware thwarting their marketing efforts. Imagine a virus that removed your antivirus software, thus allowing a subsequent virus to vandalize your hard drive. Imagine the uproar in the IT community about such a virus. Would the crackers come before Congressional committees claiming that they can police themselves? Why are these spyware crackers allowed to police themselves simply because they have the lobbying dollars to prevent privacy laws?
James Mathewson is editor of ComputerUser magazine and ComputerUser.com