U.S. To Impose Spyware Control Laws

ArbiterOne writes "BBC has the story: A bill has been introduced into the U.S. House of Representatives to control the proliferation of spyware and malware. The proposed bill would force programs to inform the user before installing programs, and require that spyware be easily removed. A study by EarthLink found that the average user has 28 spyware programs on their computer!"

But what about SunnComm?

[The Importance of]

Will this bill make it illegal for "copy-protected" CDs to add malware to your computer through autorun? Will they be required to make it easy to remove the malware?

Why use legislation?

[Anonymous Coward]

Why is legislation necessary here? this is a problem that could be solved with just a little technical nous.

Instead, we get another law, pretend it's enough, and find it's as toothless as the paper it's written on.

I have to ask...

[Motherfucking Shit]

Why is it that the Beeb has the scoop on a pending US bill, before I can find this story in any of the major US media outlets?

correction

[bl8n8r]

The average WINDOWS machine has 28 spyware programs on it.

IE of course

[simetra]

It would be interesting to see what percentage of these "victims" used IE as their browser exclusively. I only use IE for sites written by fanboys which require IE. Otherwise, I use Opera. For kicks, I ran spybot on my pc at work and all it found were about a dozen cookies. The techie who suggested doing this says that the typical pc on our network has anywhere from 20 to 50 bad things. Go figure.

Re:Why use legislation?

[Scott Wood]

Because, like spam, it is a behavioral problem, not purely a technical problem. System break-ins and e-mail worms can be prevented by technical means as well, but that doesn't mean it should be legal to carry them out.

How did Earthlink conduct this "survey"?

[setzman]

A recent survey by the US internet provider Earthlink found that the average computer was packed with hidden software, such as cookies tracking online habits.

It uncovered an average of 28 spyware programs on each PC scanned during the first three months of the year.

How exactly was Earthlink able to detect the installed spyware? Tracking outgoing requests that were related to known spyware apps? Or did they allow users to run software that reported back to Earthlink for this survey?

Pointless - another law to make them look good

[jimmy page]

Again, 90% of the spyware ppl will either find away around it or trick ppl into downloading it. This is spam in another form.


At least the lawmakers *look* good.

28 on average?

[qualico]

That's conservative.
If you include the cookies and registry entries that number has been into the hundreds for the clients I have been removing spyware, malware and adware from.

When clients asked how they can legally do that, I can only point to the fact that it says so in the obfuscated end user agreement the company bets your not going read.

SO if this law is passed, just how will it be enforced?

Yes, I am a cynic

[segfault7375]

This is great except for the fact that companies like Claria (aka Gator) will simply buy a politican to say that their "products" are not spyware, and therefore not covered under this bill.

It might work

[14erCleaner]

You know, this actually has a chance of being effective, unlike the anti-spam laws. Spyware is pretty useless if it doesn't report home on its spy results, so it should be possible to trace programs that violate the law back to those responsible.

Of course, the definition of "spyware" is critical. Legislatures in the past have had a hard time defining computer-related terms without making them too broad (for example, is your web browser spyware? After all, it's sending cookies back to all kinds of web sites!)

A good first step, but not far enough.

[blockhouse]

What we really need is an act that would BAN malware, etc. altogether.

Not as if it really matters. This bill, if passed, would only drive malware underground, and it'll be much harder to control. Viruses have been illegal for *years* but we all know how much they continue to plague humanity.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Not Really Enough

[Steinfiend]

A key congressional panel endorsed a bill that would force the makers of spyware to notify users before installing any software on their PCs.

As someone closely involved in the ISP Tech Support business anything that can help eliminate this problem would be gratefully received. I'm not sure this is going to have ANY effect though. 'Legitimate' (if that's not an oxymoron) spyware installers already notify users through an EULA or similar. The illegitimate ones don't care about the law anyway so will ignore this. What we really need are steep penalties for offenders when they are identified.

Oh, users who don't click on any message that flashes in front of them without reading it first would be helpful too.

Re:I wonder which 28 are on my Mac? Oh wait...

[Chess_the_cat]

I wonder how many are on my Windows machine? Oh wait, none. It's not that hard to keep spyware off your machine. Goodness. I guess the key is "the average user...". Ah well.

Alarmist or facetious?

[fname]

28 spyware programs? No, that's not at all what Earthlink said. They did I study counting the number of spyware programs, adware programs and tracking cookies, and found an average of 28 per computer. Someone, either malevolently or ignorantly, decided to trumpet this as 28 spyware programs per PC. Even though the number seems on the face of it absurd (it is), most reporters and Slashdotters don't bother digging in & figuring out what the number really means.

So I don't know if the writer & editor thought it was funny or true, but either way, stating that the average computer has 28 instances of spyware is outright false.

Re:correction

[Stigmata669]

In all fairness, the average machine is a WINDOWS machine. Mac/Linux/Unix desktops are just statistical outliers.

Spyware situation out of hand

[amaiman]

The spyware situation on the Internet is really starting to get out of hand. Every time someone asks me to fix their computer, it's loaded down with spyware. I remove it, and then a week later it's full of it again.

The problem lies in several places:

1) Users running insecure operating systems and browsers. This isn't going to change, your average user is going to continue to use Windows and IE.

2) User stupidity. "Hey, that message says there's a problem with my computer, I'd better click 'Yes' to fix it." or "It said I had to click 'Yes' to enter that web site." User stupidity is also not going to change any time soon.

3) The creators of the spyware viruses. I would call many of these programs viruses, because in my opinion, any software unintentionally installed that resists removal attempts is a virus. Even with anti-spyware software, some of these things are a real pain to remove from a machine.

Legislation is a step in the right direction, however it's not going to solve the problem, since the Internet is global. The spyware companies will also find loophooles/small print and other ways to keep doing what they're doing anyway. Writing viruses is illegal, and people still do that on a consistent basis.

The only solution to the spyware program is a targeted campaign to teach users how to recognize spyware and not get it installed in the first place. Combine that with a list of common software that installs scumware (such as RealOne Player) and educational materials on how to install real anti-spyware software (not just more spyware that claims to be), and then we can slowly start to move towards lowering the number of infected machines.

Re:Believe it or not...

[MBCook]

Yep.

I fix computers for people in my neighborhood. I'm the guy they call when they don't know how to do something, or they got a new DVD drive, or something isn't working. I've seen that happen a few times.

Just a week ago I was called to help a nice lady setup her new Dell and copy the files off her old Gateway. She bought the computer because she was tired of the Gateway always crashing and being slow and such. Every few minutes a "Explorer has crashed" dialog would come up. I can understand why she hated it.

So she bought a new Dell. Well, when copying files over I noticed what the problem was on the old Gateway. Tons and tons of spyware. Things loading in the tray, in startup, in IE, chaning preferences, causing popups, everything. She thought the computer was just "old" and was having problems, when it was all the spyware. I told her I could fix it, but she wasn't interested.

Now the fact is she had other reasons for getting the new PC. She wanted a flatscreen to get more desk space. She had a camcorder and wanted to be able to make DVDs of family movies and other such things. Her old computer would have been fine for her other tasks (like surfing and e-mail and word processing), but she really would have needed a new one to make DVDs and CDs and such.

But the point is, I can EASILY see tons of people buying new computers due to spyware. If it wasn't for that, why wouldn't Dell and other ship somehting like Ad-Aware on the computers they sell?

Definition of Spyware

[i8a4re]

Since we all know how technical majority of politicians are, I can just see them basing this whole bill on the definition of spyware. If you ask any of the companies that make spyware if their product is spyware, everyone will say that it isn't. This is just going to lead to millions of dollars being wasted on deliberations as to the definition of spyware etc.

This bill it just an attempt to treat one problem. Why don't they make an ethical software bill where all software is required to follow certain standards. Don't worry about the user being informed of the reporting of their personal info. There are too many ways to legally get the consent of the user like a 349575 page EULA. Just focus on things like being easy to find and uninstall. This would make all spyware as we know it illegal. Also, required all software list the legal name of the individual(s) or company that developed the software.

While I think that spyware and virus writers should be summarily executed, we all know that it is better to treat the source of the problem. Do something like imposing a small fine for every piece of software they install on your computer without giving you the ability to uninsall it with less than 10 clicks and no visiting a website (that doesn't exist) to complete the uninstall process. Figure $5 per violation, they'll be out of busines in no time.

Definition of spyware

[God! Awful 2]

Do they mean 28 actual spyware programs? That seems pretty hard to swallow. Or do they mean 28 tracking cookies (which are OS independent).

-a

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:I wonder which 28 are on my Mac? Oh wait...

[iamacat]

It's not that hard to keep spyware off your machine

No? You will be able to avoid clicking a yes button on an Active X install dialog box which is obscured by a popup window or comes in a serious of several other sensible Yes/No questions, while you are looking for some information in a hurry? How about unpatched IE exploits that don't ask for anything.

Yes, you can run Mozilla. But then you are replacing part of what Microsoft says is the OS. You might as well run cygwin with X server and no native Win32 programs and then compare your security to other people.

Like it matters?

[Ryosen]

Do people who write malicious software really tremble any time some dillusional congress critter gets it in his head to attempt something like this? Are people really deterred by any (alleged) action taken by ANY goverment, let alone the US?

Seeing as how well the CAN-SPAM act has been working out, I'm not going to hold my breath expecting great things from this bit of rubbish, either.

Educating the masses on how to protect themselves is the only way to defeat spyware and viruses. (Well, that and don't use IE). But, then again, it's the educated masses that the government fears the most.

Aw, screw it. Maybe they should make you take a drivers test before you get on the Information Superhighway®.

Re:On the other hand...

[MBCook]

That's a very good question. But many of the people that I deal with have basically given up on tech support for such things because it's such a paint to call. Long hold times, people who can't speak English or have a very heavy accent, terrible suggestions (want to change your wallpaper? Reinstall Windows), etc. They avoid tech support many times, just like I do. They only call for MAJOR things (computer won't turn on, can't get sound, etc). For things like "X crashes" or such.

It probably is more profitable to take those few calls and sell new systems. I guess they can't account for the hidden factor that shipping ad-aware (or other such software) would not only lower tech support calls, it would probably encourge good will and customer satisfaction which means more sales and more referals to the company. But factors like that are hard to track, so they go for the instant sales.

This is all speculation. If someone has 1st hand knowledge, I'd LOVE to hear it.

Cool - this will outlaw DRM

[Ralph Spoilsport]

on the order of the crapware^H^H^H^H^H^H^"security features" the music industry insists on [slashdot.org] plaguing the planet with.

don'tcha just love it when one hand of Corporate America Chops Off the other hand? It's kind of like watching a slow motion train wreck, or a circular firing squad.

RS

Re:IE of course

[Anonymous Coward]

I realize that IE/Windows isn't the most secure combination ever in its default form,

That's an understatement.

but properly configuring the browser and OS...

Do you enter the "Advanced" of "Internet Settings" often? Then you know how heinously unfriendly that long list of checkboxes is! It virtually shouts "You don't wanna go here! Leave it alone!". Windows users are conditioned to obey such signs.

...and patching religiously will take care of most things.

That's what system administrators do. Most users don't treat their computer religously, ever. Nor should they have to.