| |
|
The Ten Truth's About
Spyware
c
2004 By Wayne Porter
No one should be too paranoid, but an informed
user is a safe user. Spyware has recently begun cascading into
the computer market at an astonishing rate. Surprisingly there
are a lot of misconceptions about what spyware really is and
how dangerous it can be.
Fact #1: Spyware and Adware
are fundamentally different-
This is important and
often made confusing by the media and privacy advocates. Many
people have the common misconception that spy software is made
by advertisers to profile their shopping and surfing habits.
This is a false and potentially dangerous
assumption.
This misconception probably stems from the
fall of two companies- Radiate and Conducent. Both of these
companies attempted to sell banner space inside of freeware
applications and to share this revenue with software authors
in exchange for letting them distribute and selling space
inside the freeware. This seemed to be a fair deal but what
they didn't disclose to software authors and didn't tell
consumers is that they were secretly profiling and logging
surfing habits and sending this information back to their
servers for analysis.
HIGHLY
RECOMMENDED:
Adaware - Use the Ad-Watch, the feature
that constantly monitors and catches all attempts to install
anything new, rather than just the free scan)
|
|
Get Your own profile
like this one at Adlandpro
Community |
|
Conducent and Radiate are no longer functioning, or at least
they don't seem to be, but they left the legacy of adware paranoia
with them. Adware may have spyware-like features, it may profile
shopping habits, it is usually annoying, has the potential to be a
security threat but it is nowhere near the security threat that real
spyware can be. In short most Adware is not trying to capture your
secret chats, e-mails or passwords. It usually is trying to entice
you to buy something by showing ads, throwing out pop-up windows,
profiling your surfing habits or gathering broad and general
information about you.
Fact #2: Spy software creates
dangerous security holes-
The latest rage among spyware
vendors is the ability to let the spy remotely connect to the
target's computers. We have identified several spyware programs
opening a default port on the system and using a hard-coded or
default, easy to guess or easy to brute force password. We have
analyzed and carried out simulated attacks in this scenario. Hackers
can use a simple port scanning tool to scan entire networks and
easily penetrate affected machines.
People who have certain
remote spyware programs installed on their machines are literally
sitting ducks. Ironically, in the case of shared-machine spousal
spying, the spy has actually opened themselves up to severe security
threats because they operate on the same machine as the victim. The
very same spyware that was supposed to protect their children by
monitoring their activity is leaving them vulnerable to outside
attacks.
Fact #3: Spyware is often illegal-
The
use of Spyware or key recorders is illegal in some countries. If you
are thinking about spying on people's computers then think again. It
may carry stiff legal penalties, up to and including prison time. In
the U.S. installing a keylogger or spyware on someone's machine
without their permission carries severe l%gal
penalties.
HIGHLY
RECOMMENDED:
Unfortunately there are virtually no laws currently
restricting an employer from monitoring computers in the workplace
for citizens of the United States. The good news is there is pending
legislation to tighten these rules focusing on requiring
notification of employees if their computer activity is being
monitored. As of today this disclosure is not
required.
Recently The Utah state legislature passed a bill,
the Utah Spyware Control Act, outlawing certain activities in which
most spyware engages. This includes, without first seeking
permission from the owner of the computer, reporting online
behavior, sending information about a user to third parties and
creating pop-up advertisements based on the context of a web site a
person is visiting. Currently this bill is being challenged by
WhenU, a large adware vendor, on the grounds of limiting free
speech.
Fact #4: Spyware is common-
We know what
you might be thinking; spy software seems rather James Bondish and
beyond the reach of average users. This is not so. It is
mass-marketed, cheap and very easy to acquire. You can find spyware
for sale through Internet auctions, via e-mails (often sp@m), and
all over the Web. You can even get spyware for free if you know
where to look.
Fact #5: Spyware is easy to install-
There are no special technical skills needed to install these
programs. A teenager can do it and according to reports received by
ourselves and other anti-spyware vendors they sometimes do. Spy
software companies have made it very easy for just about anyone to
start spying. We have ocumented cases of children installing spyware
on their parent's machines to circumvent parental control
software.
|
E-Commerce & Weight Loss Distributors wanted to
market HOT weight loss product.
|
Fact #6: Spyware may be sold under legitimate
pretenses-
Many spy programs are marketed as child
monitoring systems when in fact they are bought by employers,
spouses, and other individuals for the sole purpose of gathering
system and personal information without a user's consent. Because of
this legitimacy these programs are often missed by anti-virus
software designed to target viruses and trojan horses. Let's be
realistic, spy software makers know exactly why people are really
buying these programs.
We believe parents have a right to
monitor there children but if a system is monitored it should be
made clear this software is in place and the software should give
the user adequate warning while it is in operation. The same holds
true for employers and employees.
Fact #7: Spies
intentionally 'misuse' monitoring software-
Established spy
software companies usually ask purchasers to agree through a EULA
(End User License Agreement) not to monitor users without their
knowledge and consent. You guessed it- most spies have absolutely no
intention of letting users know they are under
surveillance.
Fact #8: Spyware software can be
detected-
Spy software makers will go to great lengths to
convince users they are 'untraceable' or they cannot be sniffed out
by counter-surveillance probes. While spyware makers often use very
sophisticated counter-detection and stealth technologies the vast
majority of them can be scanned against and removed. If it is being
sold on the commercial market- it can be targeted.
Fact
#9: Some commercial spy programs are repurposed 'Trojan horses'-
This is sad but shockingly true. Some spyware vendors have gone
as far as to repurpose old Trojan horse programs found on technical
minded boards and are selling them as new spy technology. (A Trojan
horse is a malicious, security-breaking program disguised as
something benign.)
Fact#10: Deleting history and computer
use logs does nothing against true spyware-
While
erasing usage history is useful to protect your privacy this type of
protection is useless if your activity is being logged or snapshots
are being taken of your computer use. Deleting history, files, cache
and cookies cannot and will not protect you against the prying eyes
of active spies on your machine.
The safest way to remain
free from spyware is to use one or more anti-spy programs that
actively scan your system for intrusion and utilities that help
inoculate your system from penetration. Good anti-spy programs will
use a variety of methods for detection including registry scanning,
md5 signatures, digital fingerprints, filesize, CLSID, windows
titles and other traces that spyware leaves on your
machine.
Even with anti-spy software programs active, do not
develop a false sense of security. The battle to contain these
programs rages on daily basis with some rogue programs creating over
two-hundrend variants in a single day! One lapse in security can
lead to unwanted infection, so above all- use common sense. Don't
download files from sites you don't know or trust, don't use P2P
file sharing software, do not open e-mail attachments and be sure
you have good anti-virus and firewall software running at all
times.
HIGHLY
RECOMMENDED:
Adaware - Use Ad-Watch, the
feature that constantly monitors and catches all attempts to install
anything new, rather than just the free scan):
ABOUT THE AUTHOR:
Wayne Porter
is the Co-Founder of SpywareGuide.com a leading online
database of spyware and adware information. Mr. Porter also
serves as CEO of Xblock Software the creators of the
popular X-Cleaner and RegBlock personal privacy products.
| |
 Your
Current
Subscriptions |
|
|
 |
|
