Market Research Company Secretly Installs Spyware 206
An anonymous reader writes "Forbes reports that two security experts are raising new questions about comScore, claiming that company's tracking software is being installed without consent on an unknown number of computers. The widely-used online research company takes screenshots of every Web page viewed by its 1 million participants, even transactions completed in secure sessions, like shopping or online checking. ComScore then aggregates the information into market analysis for its clients, which include such large companies as Ford Motor, Microsoft and The New York Times Co." From the article: "'[The] software is sneaking onto users' computers without the user agreeing to receive it,' says Harvard University researcher Ben Edelman, who documented at least ten unauthorized comScore downloads. Eric Howes, director of malware research at antivirus company Sunbelt Software, and his researchers separately observed hundreds of unauthorized comScore downloads in a three-month period this fall."
Well? (Score:4, Insightful)
Some justice,revenge,butt chewing,anything?
Do we write our congressman,DOS them or what?
all problems and no solutions.
It must be illegal on some level.
do we file a massive suit and each collect $5 or what?
That's sort of odd... (Score:4, Insightful)
Why is the DOJ worried more about aunt Eunice downloading MP3s than they are about people who are maliciously causing harm?
sigh, I'll write but I wonder if my representatives will actually notice...
"unauthorized download" (Score:2, Insightful)
Re:That's sort of odd... (Score:1, Insightful)
Re:Yawn... (Score:3, Insightful)
Re:Yawn... (Score:5, Insightful)
Interestingly, the advice given is almost the same too: don't plug in...
People are doing it and kids will do it, so instead of closing your eyes and yelling "don't do it", you should at least show them how to use protection first.
So what good is a unenforced law? (Score:5, Insightful)
So what good is the Computer Fraud and Abuse Title Act 18 Section 1030 if the FBI will not enforce it?
Re:Yawn... (Score:1, Insightful)
Skew them ! (Score:3, Insightful)
Who would have thought that people who regularly view Ford's web site also like Goats ?
Re:Yawn...Just say no to sex. (Score:4, Insightful)
Sure, abstinence is the only 100% effective way of preventing STD's, but teaching that and nothing else, is an extraordinarly dumb thing to do, because it goes against our natural instincts. We are born with the need for sex, and when it awakens it tends to go a little nuts. Abstinence only education can lead directly to teen pregnancies and the transmission of std's, because kids are not given an alternative method of protection, and in fact statistics show that it simply doesn't work in any way shape or form. Ignorance is not protection.
Your gun lesson analogy is a bad one. Firing guns is not a natural urge written into our genes.
ALL teens have sexual urges, but only a handful of nutcases have the urge to shoot their classmates.
Thus, your argument is a red herring.
That being said, it wouldn't hurt to have an alternative method of protection against guns, such as trigger-locks, and not rely solely on the "don't do it because I said so" method (which incidentally is the same one used in abstinence only education).
A more proper analogy would be:
You have a swimming pool in your back yard. You can tell your kids not to go in it all you want, but one day, when you're not looking, they will, and when that time comes, wouldn't it be safer if they've been taught how to swim?
I hope someone takes the lead on this (Score:3, Insightful)
I think there is a point that needs to be driven home into our culture that it's NOT okay to do anything for money. Because I believe that at some level we all somehow forgive these people for their tresspasses because their motivation was for profit... and we all understand the need for profit right? No, there are limits to what is acceptable behavior with a profit motive and like HP's spying (which arguably wasn't directly a profit motive but performed by a profit seeking competitive organization) we should not simply dismiss this as yet another "white collar crime" and move on. If people felt like they were risking more than a few hundred thousand of their millions of dollars, they just might think twice before ordering these things be done.
Re:Intercepts https:// (Score:5, Insightful)
This is a serious limitation of SSL on commodity operating systems, by the way. IE's list of trusted root certificates is simply entries in the registry. Even if you're part of the infinitesimal fraction of users who knows what a CA cert is and where to look for them, how can you do a security review on all 39 of the root certificates that come with Firefox, or spot a new unwanted one? (One of those root certs is from AOL, by the way). If you trust the Mozilla foundation to audit the security and practices of each and every one, do you have the same trust in a proprietary browser's developers? Even assuming the developers make the decision instead of the marketers?
I can't find the repository (Score:2, Insightful)
Windows users: when you use linux, a program that does just what you need is almost always just a few clicks away, is free, and doesn't have toxic junk like this attached to it. Usually linux comes with your choice of industrial-strength database servers and clients, web servers and scripting languages, a complete software development kit for the whole thing in dozens of programming languages, a choice of office suites and so much more that it's just amazing. One of the nicer things about it is that you can throw out that filing cabinet with the installlation CDs , packaging and license agreements that came with every piece of hardware and software because you just don't need it. You can replace it with a nice japanese fountain and improve your Feng Shui.
They don't do it (Score:4, Insightful)
Enticing a third party to commit a crime should carry heavier penalties than doing the crime yourself. Especially when as in this case multiple third parties are enticed.
And comShare is receiving stolen property - property stolen only because they offered to buy it. But do we need new law in this area to properly jail these fuckers?
Re:Do you have to deal with the problems? (Score:4, Insightful)
Real friends don't expect you to do work for them. If that offends them, good riddance.
Yes, but it's not my responsibility, nor is it a way I want to spend my free time. There are much more fun ways to strengthen friendships that don't involve one person doing work for free.
As far as I'm concerned, my help stops after I tell them to run Debian.
Re:That's sort of odd... (Score:3, Insightful)
Re:Yawn...Just say no to sex. (Score:2, Insightful)
That's a nice analogy, but it doesn't fit. Almost every friend I've set up with Firefox, firewalls, anti-virus programs, etc. has, within days, DISABLED those programs and gone back to surfing bareback.
Why? I ask.
Every bogus reason in the book:
"It was too *slow*" (It wasn't)
"I didn't *like* it!" (Won't say why)
"It *messed up my computer*" (How, they can't say).
"The Icons look wrong" (no joke)
Now I just walk away. Why waste my time with bozos when actual work is available for which I'll not only get paid, but get a "thank you" along with the check?
Re:Do you have to deal with the problems? (Score:4, Insightful)
Re:Do you have to deal with the problems? (Score:4, Insightful)
Hear, hear old chap!
It's about time we all stopped subsidizing Microsoft's insecure shitware. If everyone who had Windows had to pay GeekSquad's rates every time a computer died, there would be much more pressure on Microsoft to release something secure. But they don't, because they don't have to.
And seriously, it takes a good whole 12 hours of watching the cleaning software chew through all the data on drives these days and when you're done, you're still not sure you got everything.
Yet some "friends" want us to do it for free or for prices that wind up being about minimum wage when the billable hours are worked out. Sometimes that's ok. Some charity cases are OK in my book, but when the charity case comes back 6 months later with the same old "my computer is slow", one feels like a chump.
So now my line is "I'll do it for free if you let me put Linux on it."
Last Friday, a colleague asked me if his computer was infected because it was slow. I told him it was probably a couple of hundred infections (true). He was wondering if he should give it to me or GeekSquad. I told him GeekSquad will just format and reinstall. I did tell him that while he could pay me to do the same thing at a cheaper rate than GS, I would put Linux on it for free. He's thinking.
--
BMO
Re:I can't find the repository (Score:3, Insightful)
Of course, the question is if people migrated en mass to Linux, would they bring their bad Windows habits with them? Probably. Most people don't understand computers and don't really know why running binaries from the Internet is a bad thing. They do it all the time, and really they have no choice since most MS computers have no compilers on them.
Technically, it's possibly to have spyware on Linux. Culturally and socially, it's much less likely.
Re:Well? (Score:3, Insightful)
Or more likely the ELUA attached to the program said "We can change this however and whenever we like". With there being a piece of HTML somewhere on their website which says "We own anythihng on your computer".
Personally I'm getting close to the point where I'm going to completely disconnect my Windows PCs from the Net and just have a Linux box for web stuff... it's just not worth the risk of having my bank account emptied by Windows scumware.
Avoiding any banks who require Windows (with MSIE) for "(in)security reasons".