U.S. To Impose Spyware Control Laws

ArbiterOne writes "BBC has the story: A bill has been introduced into the U.S. House of Representatives to control the proliferation of spyware and malware. The proposed bill would force programs to inform the user before installing programs, and require that spyware be easily removed. A study by EarthLink found that the average user has 28 spyware programs on their computer!"

Believe it or not...

[rd4tech]

I had once to repair a user PC (average Joe's) with about 1447 installed whatnot... (according to adaware) It was taking the darn thing 35 minutes just to boot up and was veryyyy slow when operating. And she was having quite a powerfull machine too..

Bloody obvious

[hattig]

It is a shame that things like this need to be made law.

I expect that spyware already falls under the Computer Misuse Act 1990 in the UK regarding modification of a computer system without the user/owner being aware.

As far as I am aware, these bits of software are viruses and should be treated as such. Including the writers of said spyware.

It's About Time

[Ridgelift]

Once installed, it can redirect web searches, install bookmarks or bombard a user with pop-up ads tailored to other search terms. It can also drain computing power, crash a machine and, in the case of the most malicious spyware, steal confidential information

A friend of mine works for a technical call center for a large US hardware manufacturer. The contract he works on is supporting notebook computers.

A customer recently called in because his computer was running slow. After installing and running ad-aware and spybot, the customer had over 4600 spyware programs. Yes, you read that right, over 4600 spyware programs. It's a miracle that thing ran at all.

Legislation to curtail spyware is long over due. An operating system that is resistant to spyware is already available, and it ain't Windows.

Re:Believe it or not...

[dealsites]

That sounds pretty resonable. On a side note, I bet the PC makers kinda like spyware. After all, it will eventually slow down the average joe's PC, and unless he knows how to remoe spyware, he might upgrade to get a "faster" PC.

--
Live deals updated in real time. Over 500 a day! [dealsites.net]

a lot of spyware already 'informs you'...

[seibed]

a lot of spyware already 'informs you'... its just that the average public just clicks right through all of the legal stuff anyway.

28.... 28!!!

[joeldg]

People have on average 28 spyware programs?
holy crap!!

well, at least this is another notch in the belt of opensource.

That just amazes me. I tried a while back to see how easy it was to create one and installed a windows machine and hacked together an easy directx control that installed itself on page load and changed (just for testing) the word "Yahoo" into the word "Shit" and then had fun surfing aroud on "Shit! mail" and "Shit! autos".. It took a total of about two hours to create in Delphi and I am a unix programmer not a windows programmer.

Just thinking how easy it would have been to make one that replaced 460x80 images with one from one of my servers and this really does not surprise me.

Copy Protected CD's

[Professor Calculus]

I wonder if this will destroy SunnComm's copy protected CD model? The CD installs software on a Windows machine without user permission to prevent them from accessing it directly. Obviously this can be bypassed with the infamous Shift Key "Hack" anyway, but it works for most people cause they don't know what it is doing in the background. This bill could force SunnComm to get the user's permission to install the software, and even Joe Shmoe could bypass it then.

Possible method of identification and removal

[willith]

I deal with a lot of spyware/adware at work, and one of the big problems is that the user usually has no idea why the advert windows are popping up, nor from where they're coming.

I'd love to see spyware makers be forced to provide a small link at the bottom of *each advert window* that says something like, "This advertisement is being shown to you by $NAME_OF_PROGRAM. Click here for more information." Then, you could click the link and be taken to a page with a brief description of what the program is and what it does, and how to remove it. If it was installed because you installed KaZaa or whatever, it should say so there, too.

Perhaps I should torture myself further by dreaming up more completely reasonable but totally impossible things...

Re:Believe it or not...

[lpret]

On a side of that side note, I'd like to add that that is how I got my "play" computer. A friend of mine needed help because she got a new computer, I asked what happened with her old one and she said it didn't work. I told her I'd take a look at it and she said I could have it -- monitor and all. I now have a nice 1.8 ghz dell that had about 2300 pieces of malware on it. It's now my box that I try different distros on and test my home-rolled knoppix.

Business opportunity!

[eyepeepackets]

Perhaps some quality folks like Google can offer up a service whereby Joe Sixpack can browse to a website and get his Winbomb box serviced, much like he takes his car to a service station: He pulls up to the website, orders a cleanup/tuneup from the website, website cleans all the crap off his machine, checks his security settings, makes a few recommendations with the offer to do it for him on the spot, shows him a few ads whilst the PC is being serviced and then waves goodbye, telling him that his machine is being rebooted and will be ready to roll after it comes back up.

What is that old adage? When faced with a bunch of lemons, make lemon pie? I forget but you get the idea.

Re:Bloody obvious

[Krunch]

As far as I am aware, these bits of software are viruses and should be treated as such. Including the writers of said spyware.

I always wondered why {spy|mal}wares aren't in antivirus databases.

Re:Believe it or not...

[XryanX]

Can you introduce me to some of your friends?

All kidding aside, one of my friends got 3 1/2 free hours of tattoo work(~$300 at the price this particular artist charges) simply for removing spyware, running through scandisk and defrag, and taking unnecessary items out of msconfig.

She ended up getting a Tux tattoo.

Re:Yes, I am a cynic

[mark-t]

The solution to this is to have the bill define the behaviours necesary to qualify as "spyware".

An extremely broad definition wouldn't necessarily be a bad thing in this case either...

For example, spyware would be any software which collects and reports details about the user's computer or the user's activities to a party that has not previously obtained permission to perform administration duties on that particular computer. Said permission can only be obtained either by virtue of property ownership, or by explicit (and verifiable at both ends) agreement between the owner of the computer and the party that performs administration on it.

I think something like that would probably do the trick.

Re:It's About Time

[Mesaeus]

It probably is, however the biggest number I've seen with MY customers (about 30 average Joes and Janes) is about 1400, spread over four user accounts (so a lot of it was duplicate stuff). 4600 traces of spyware is an ungodly amount, I had hours and hours of clean up work with the 1400 one. 90% of spyware can be automatically cleaned with Spybot and Adaware, but the remaining 10% can be a tough cookie to get rid of permanently.

There is an easy way to make spyware disappear

[dcavanaugh]

Taxation on the program, per installation, and a tax on the ads devivered via spyware. While we're at it, maybe a tax on each byte of data sent outbound via spyware. Killing spyware is then a simple act of following the money and taxing the hell out of those who distribute or benefit from it.

Re:Believe it or not...

[Soul-Burn666]

I've guided a friend thru ad-aware and it found, listen very well... not less than 11,000 items.

I was once very surprised when ppl have over 100. Then I met ppl with over 1000. But this one really hit the top.

So what if they might be mostly tracking cookies, 11,000 is not a number to underestimate.

Man, I hope you're right but thing you are wrong

[gone.fishing]

A good portion of my day is spent dealing with spyware. I've noticed that in the past several months it has gotten worse, in some cases far worse.

A law in the United States will only affect those companies with a legal presence in the United States. Many, many companies that offer software aren't in the U.S. Even if the law is effective on companies here, it will just migrate to somewhere that it isn't regulated and those Kaaza type companies will still be immune.

While I hope you are right, I think that you are wrong and I guess that my attitude is that it is probably better dealt with using technology than laws. The loopholes in technology are easier to close.

My ideal solution would be a system that would detect all types of malware and security threats and know how to fix them automatically. I'd like to see one component be "forward looking" where it would monitor computers and forward suspicious activity to a database that would be used to identify new threats in an almost real time manner. Of course this in and of itself could be considered "spyware" by some (because it would be reporting activity on your computer). But if all of a sudden xyzabc.dll started appearing on hundreds of computers in a short period of time, a human could evaluate it and figure out if it is a threat. If it is, it could be blocked on uninfected machines.

Re:Definition of spyware

[LabRat007]

I primarily do onsite repair for home users in my area of the states. I continually run into top end machines that can't even funtion because of the number of spyware items running. Its become the most common service call I get. Kinda crazy but spyware has actually made me a whole lot of cash (I'm not a bastard about it though - I show all the customers how to use adaware at the end of the day). My person largest number found to date is 1335 items (mostly tracking cookies but still - damn!) Whats yours?