  Article printed from SiteProNews: http://www.sitepronews.com
  HTML version available at: http://www.sitepronews.com/archives.html
The Ten Truths About Spyware
by Wayne Porter ©Copyright 2004

No one should be too paranoid, but an informed user is a safe 
user. Spyware has recently begun cascading into the computer 
market at an astonishing rate. Surprisingly there are a lot of 
misconceptions about what spyware really is and how dangerous it 
can be.  

Fact #1: Spyware and Adware are fundamentally different- This is 
important and often made confusing by the media and privacy 
advocates. Many people have the common misconception that spy 
software is made by advertisers to profile their shopping and 
surfing habits. This is a false and potentially dangerous 
assumption.  

This misconception probably stems from the fall of two 
companies- Radiate and Conducent. Both of these companies 
attempted to sell banner space inside of freeware applications 
and to share this revenue with software authors in exchange for 
letting them distribute and sell space inside the freeware. 
This seemed to be a fair deal but what they didn't disclose to 
software authors and didn't tell consumers is that they were 
secretly profiling and logging surfing habits and sending this 
information back to their servers for analysis.  

Conducent and Radiate are no longer functioning, or at least 
they don't seem to be, but they left the legacy of adware 
paranoia with them. Adware may have spyware-like features, may 
profile shopping habits, is usually annoying and has the 
potential to be a security threat, but it is nowhere near the 
security threat that real spyware can be. In short, most adware 
is not trying to capture your secret chats, e-mails or 
passwords. It usually is trying to entice you to buy something 
by showing ads, throwing out pop-up windows, profiling your 
surfing habits or gathering broad and general information about 
you.  

Fact #2: Spy software creates dangerous security holes- The 
latest "rage" among spyware vendors is the ability to let the 
spy remotely connect to the target's computer. Right now we 
have identified several spyware programs opening a default port 
on the system and using a hard-coded or default, easy to guess 
or easy to brute force password. We have analyzed and carried 
out simulated attacks in this scenario. Hackers can use a simple 
port scanning tool to scan entire networks and easily penetrate 
affected machines.  

People who have certain remote spyware programs installed on 
their machines are literally sitting ducks. Ironically, in the 
case of shared-machine spousal spying, the spy has actually 
opened themselves up to severe security threats because they 
operate on the same machine as the victim. The very same spyware 
that was supposed to protect their children by monitoring their 
activity is now leaving them vulnerable to outside attacks.  
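
A defender can check for the exposure described in Fact #2 by comparing a machine's listening ports against a known baseline. The following is an added example, not part of the original article; the netstat sample, port numbers and baseline are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:54321          0.0.0.0:0              LISTENING       2316
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3020
  TCP    [::]:54321             [::]:0                 LISTENING       2316
"""

# Assumed baseline: ports this hypothetical machine is expected to listen on.
EXPECTED_PORTS = {135, 445}

# Local address, local port and owning PID of a TCP socket in LISTENING state.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def unexpected_listeners(netstat_text, expected_ports):
    """Return sorted (port, pid, address) for network-reachable listeners
    whose port is not in the baseline."""
    findings = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, non-TCP or non-listening line
        addr, port, pid = m.group(1), int(m.group(2)), int(m.group(3))
        if addr in ("127.0.0.1", "[::1]"):
            continue  # bound to loopback only, not reachable from outside
        if port not in expected_ports:
            findings.add((port, pid, addr))
    return sorted(findings)

if __name__ == "__main__":
    for port, pid, addr in unexpected_listeners(SAMPLE_NETSTAT, EXPECTED_PORTS):
        print(f"unexpected listener on {addr}:{port} (PID {pid})")
```

The PID column lets you map each unexpected listener back to the process that opened it before deciding whether it belongs on the machine.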

Fact #3: Spyware is often illegal- The use of Spyware or key 
recorders is illegal in some countries. If you are thinking 
about spying on people's computers then think again. It may 
carry stiff legal penalties, up to and including prison time. In 
the U.S. installing a keylogger or spyware on someone's machine 
without their permission carries severe legal penalties.  

Unfortunately there are virtually no laws currently restricting 
an employer from monitoring computers in the workplace for 
citizens of the United States. The good news is there is pending 
legislation to tighten these rules focusing on requiring 
notification of employees if their computer activity is being 
monitored. As of today this disclosure is not required.  

Recently the Utah state legislature passed a bill, the Utah 
Spyware Control Act, outlawing certain activities in which most 
spyware engages. This includes, without first seeking permission 
from the owner of the computer, reporting online behavior, 
sending information about a user to third parties and creating 
pop-up advertisements based on the context of a web site a 
person is visiting. Currently this bill is being challenged by 
WhenU, a large adware vendor, on the grounds of limiting free 
speech.  

Fact #4: Spyware is common- We know what you might be thinking; 
spy software seems rather "James Bondish" and beyond the reach 
of average users. This is not so. It is now mass-marketed, cheap 
and very easy to acquire. You can find spyware for sale through 
Internet auctions, via e-mails (often spam), and all over the 
Web. You can even get spyware for free if you know where to 
look.  

Fact #5: Spyware is easy to install- There are no special 
technical skills needed to install these programs. A teenager 
can do it and according to reports received by ourselves and 
other anti-spyware vendors they sometimes do. Spy software 
companies have made it very easy for just about anyone to start 
spying. We have documented cases of children installing spyware 
on their parents' machines to circumvent parental control 
software. 

Fact #6: Spyware may be sold under legitimate pretenses- Many 
spy programs are marketed as "child monitoring systems" when in 
fact they are bought by employers, spouses, and other 
individuals for the sole purpose of gathering system and 
personal information without a user's consent. Because of this 
"legitimacy" these programs are often missed by anti-virus 
software designed to target viruses and trojan horses. Let's be 
realistic, spy software makers know exactly why people are 
really buying these programs.  

We believe parents have a right to monitor their children, but if 
a system is monitored it should be made clear this software is 
in place and the software should give the user adequate warning 
while it is in operation. The same holds true for employers and 
employees.  

Fact #7: Spies intentionally 'misuse' monitoring software- 
Established spy software companies usually ask purchasers to 
agree through a EULA (End User License Agreement) not to monitor 
users without their knowledge and consent. You guessed it- most 
spies have absolutely no intention of letting users know they 
are under surveillance.  

Fact #8: Spyware can be detected- Spy software makers 
will go to great lengths to convince users they are 
'untraceable' or they cannot be sniffed out by 
counter-surveillance probes. While spyware makers often use 
very sophisticated counter-detection and stealth technologies 
the vast majority of them can be scanned against and removed. If 
it is being sold on the commercial market- it can be targeted.  

Fact #9: Some commercial spy programs are repurposed 'Trojan 
horses'- This is sad but shockingly true. Some spyware vendors 
have gone as far as to repurpose old Trojan horse programs found 
on technically minded boards and are selling them as new spy 
technology. (A Trojan horse is a malicious, security-breaking 
program disguised as something benign.)  

Fact #10: Deleting history and computer use logs does nothing 
against true spyware- While erasing usage history is useful to 
protect your privacy this type of protection is useless if your 
activity is being logged or snapshots are being taken of your 
computer use. Deleting history, files, cache and cookies cannot 
and will not protect you against the prying eyes of active spies 
on your machine.  

The safest way to remain free from spyware is to use one or more 
anti-spy programs that actively scan your system for intrusion 
and utilities that help inoculate your system from penetration. 
Good anti-spy programs will use a variety of methods for 
detection including registry scanning, md5 signatures, digital 
fingerprints, filesize, CLSID, windows titles and other traces 
that spyware leaves on your machine.  
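
Two of the detection methods listed above, file size and MD5 signatures, combine naturally: size is a cheap prefilter, so only files whose size matches a known signature are hashed. The following is an added example, not code from the article or from any product it mentions; the signature entry, file names and file contents are constructed.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=65536):
    """MD5 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_index(signatures):
    """Map file size -> {md5: name} so only size-matching files get hashed."""
    index = {}
    for name, size, digest in signatures:
        index.setdefault(size, {})[digest.lower()] = name
    return index

def scan_tree(root, signatures):
    """Return sorted (relative_path, signature_name) for files matching a signature."""
    index = build_index(signatures)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                candidates = index.get(os.path.getsize(path))
                if not candidates:
                    continue  # no signature has this size: skip hashing
                name = candidates.get(md5_of(path))
            except OSError:
                continue  # unreadable or vanished file
            if name:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits.append((rel, name))
    return sorted(hits)

def demo():
    """Scan a constructed directory tree against one constructed signature."""
    known = b"constructed stand-in for a known spyware binary"
    sigs = [("Example.Keylogger (constructed)", len(known),
             hashlib.md5(known).hexdigest())]
    samples = {"notes.txt": b"harmless", "sys/helper.dll": known,
               "same_size.bin": b"x" * len(known)}  # size matches, hash does not
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sys"))
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(data)
        return scan_tree(root, sigs)
```

An exact-hash match only catches byte-identical files, which is why the other traces the article lists (registry entries, CLSIDs, window titles) matter when a program ships many variants.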

Even with anti-spy software programs active, do not develop a 
false sense of security. The battle to contain these programs 
rages on a daily basis with some rogue programs creating over 
two hundred variants in a single day! One lapse in security can 
lead to unwanted infection, so above all- use common sense. Don't 
download files from sites you don't know or trust, don't use P2P 
file sharing software, do not open e-mail attachments and be 
sure you have good anti-virus and firewall software running at 
all times. 

================================================================
Wayne Porter is the Co-Founder of SpywareGuide.com, a leading 
online database of spyware and adware information. Mr. Porter 
also serves as CEO of Xblock Software, the creators of the 
popular X-Cleaner and RegBlock personal privacy products.  
================================================================

 

Copyright © 2004 Jayde Online, Inc.  All Rights Reserved.

SiteProNews is a registered service mark of Jayde Online, Inc.