Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Privacy Security United States Your Rights Online

Congressional Anti-Spyware Bill Introduced 48

Posted by timothy from the paper-tiger-until-passed dept.
CRCates writes that U.S. "Senator Conrad Burns has introduced new anti-spyware legislation. The bill would make it difficult to for software to download and install itself without the user's knowledge. The bill would also require notification, consent, and procedures for easy removal."
This discussion has been archived. No new comments can be posted.

Congressional Anti-Spyware Bill Introduced More

Congressional Anti-Spyware Bill Introduced

Comments Filter:

  • Easy removal (Score:3, Informative)

    by zcat_NZ ( 267672 ) <zcat@wired.net.nz> on Tuesday March 02, 2004 @07:04PM (#8446593) Homepage
    I have yet to find any spyware that wasn't easily [lavasoftusa.com] removed [safer-networking.org]

    • I have yet to find any spyware that wasn't easily removed

      I'm more worried about the stuff I might not of found

      • Re:Easy removal (Score:5, Interesting)

        by 00420 ( 706558 ) on Tuesday March 02, 2004 @07:30PM (#8446848)
        I'm more worried about the stuff I might not of found

        Do what I did. Open the task manager and do a Google search for each of the processes.

        You may find something that nobody's aware of (I did - and it got submitted to Spybot)
        • You can also load spyware via drivers. Those are more difficult to root out.
          • Wow, I did not know that.

            I never used anything except the drivers that came with Windows and the ones that came with my video card, so I would assume I was safe there.

            Don't have Windows anymore, but I'll make sure to let my friends know to be careful about things like that (they're pretty careful already, so I'm sure they're cool)

        • Re:Easy removal (Score:4, Informative)

          by jpop32 ( 596022 ) on Wednesday March 03, 2004 @07:10AM (#8450659)
          Do what I did. Open the task manager and do a Google search for each of the processes.

          Which works well if the nasty is listed as a separate process. Which is not always the case. For example, all services go under a couple of master-processes (svchost.exe, services.exe). Furthermore, nasties don't need to be resident, they can be invoked when an activity of interest takes place. So you may miss it, except for a couple of seconds they do their bussiness.
    • I have yet to find any spyware that downloads and installs itself.

      • Re:Easy removal (Score:2, Informative)

        by Anonymous Coward
        They do exist; I watched as a friend mistyped an address into IE and got sent to a typo-squatter's page which installed Xupiter Toolbar without asking. (He uses Opera now for obvious reasons.)

        There's another one I've heard of but never actually seen in the wild called CoolWebSearch. Apparently there's 30-something variants of it, and they use try to use an exploit in the Microsoft VM to install themselves silently on unpatched machines. I hear some of the nastier variants go so far as killing the proce

    • It annoys me that it's necessary to run both Ad-Aware and Spybot, even with both newly updated.

      If you want to get rid of a virus, it's not necessary to use both AVG and Norton. Perhaps it's because there is much more of a network of the anti-virus developers helping each other.

      For me, it isn't much of a hassle running both of the programs, but for the average idiot, running SpyBot and AdAware is much too difficult. The problem won't be stopped with legislation, the problem will be stopped whenever Dell an

      • Re:Easy removal (Score:2, Informative)

        by TykeClone ( 668449 )
        I've had a bit of a chance to run it and I'd say no - it doesn't. I was cleaning up a machine and Norton 2004 did catch some stuff, but Adaware caught much, much more.
        • Panda [pandasoftware.com] detects spyware, adware, and virus hoaxes, not to mention regular viruses, in their Corporate Antivirus Solution and thier Platinum Internet Security version.

          I'm currently using thier corporate version and like it alot. It's not quite as good as ad-aware, but the mere fact that they seem to have commited themselves to addressing this issue speaks volumes to me.

          I see many more problems caused by adware and spyware then by true viruses.
          • Can't argue with that.

            I've fixed a couple of machines that had a combination of just a couple viruses and a bunch of adware that basically rendered them useless.

    • I have yet to find any spyware that wasn't easily removed

      A lot of spyware has a tendency to destroy TCP/IP networking under windows. In my experience, spyware results in a sizeable percentage of computer repairs. I see less computers obviously damaged by viruses then by spyware.

  • No spyware? (Score:3, Funny)

    by Gothic_Walrus ( 692125 ) on Tuesday March 02, 2004 @07:08PM (#8446634) Journal
    There goes all of AOL's profits from Instant Messenger...

  • Consent (Score:1, Funny)

    by Anonymous Coward

    The bill would also require notification, consent, and procedures for easy removal.

    You mean the way they notify you and gain your consent by burying it a dozen pages into the EULA that nobody reads? The way you can uninstall the spyware by reformatting?

  • Thin line... (Score:5, Insightful)

    by ERJ ( 600451 ) on Tuesday March 02, 2004 @07:11PM (#8446662)
    Although I hate spyware as much as the next person, I am not so sure that the government should control it. The problem I see with the above is that it defines spyware more by the distribution method then the purpose.

    I can definetely see a purpose for software to download updates, patches, etc automatically. Privacy concerns is what spyware is really about.

    • Re:Thin line... (Score:4, Insightful)

      by the real chahn ( 727189 ) on Tuesday March 02, 2004 @07:22PM (#8446765)
      But, the software should still ask for your permission to download those patches. I have no problem with my computer telling me that there are new patches, device drivers, etc. available. I do have a problem when it downloads and installs them without telling me, because it could mess up my computer. I've had devices that were working perfectly fine all of a sudden crash because of a new driver, and I want to be the one that decides whether or not I need to update.
      • That much is true, but even if the program asks you before installing, you often don't have sufficient data to make an informed decision. Windows Update asks me every time, but how do I know if I want a particular patch or not? The only solution is to keep declining for a week or so, then check Google to see if anyone's reporting problems. I.e., a disappointingly low-tech, unreliable solution.

        Which is to say - asking for permission is nice and should IMO be required, but it's not nearly enough. the manufac

  • Where are those two comments? (Score:4, Insightful)

    by ObviousGuy ( 578567 ) <ObviousGuy@hotmail.com> on Tuesday March 02, 2004 @07:11PM (#8446663) Homepage Journal
    Off-topic, I admit, but there seem to be 2 more comments than are displayed here in this story. Where'd they go?

    Spyware is a scourge, but how likely is it that this kind of weak-willed legislation will make spyware any better? Not likely, IMO. Not to mention that the law puts a muzzle on the 'free speech' of spyware authors, this law will probably go down in flames like all other anti-spam measures.

  • This is almost completely meaningless (Score:5, Interesting)

    by lightspawn ( 155347 ) on Tuesday March 02, 2004 @07:12PM (#8446672) Homepage
    Most spyware actually informs users somewhere in the very long license agreement, and would not be affected by this.

    Completely criminal spyware - installed completely without the user's knowledge (such as that found on some discs claiming to be music CDs) is already illegal.

    This is just a 'feel-good' measure which will not actually change anything; at least the intent, unlike CAN-SPAM, wasn't evil here.
    • Interesting point;

      Although it's not spyware (afaik) many of those 'copy protected' CD's do install software without warning, for the sole purpose of interfering with the normal operation of the computer.

      How the hell is this _NOT_ illegal already?!!

      And why is nobody being prosecuted for it? There's no shortage of hard evidence.

      • Of course that wouldn't happen if it wasn't for the fact that Windows has autoplay turned on by default. And it will happily run executables without user intervention. All this to save people from the horrible inconvenience of clicking "OK" on a dialog box.
  • Or was this just covered last night?
  • things are not going to change for the average /. user, but things are going to change for the better for the average user. Now, gator can't legally annoy the hell out of the average joe using his computer. I'd say that is a change for the better.
  • SEC. 2. UNAUTHORIZED INSTALLATION OF COMPUTER SOFTWARE.

    (a) NOTICE, CHOICE, AND UNINSTALL PROCEDURES- It is unlawful for any person who is not the user of a protected computer to install computer software on that computer, or to authorize, permit, or cause the installation of computer software on that computer, unless--

    (1) the user of the computer has received notice that satisfies the requirements of section 3;

    (2) the user of the computer has granted consent that satisfies the requirements of section

    • Re:Unfortunate consequence (Score:2, Interesting)

      by Anonymous Coward
      One unfortunate consequence of this talk of "user granting consent" takes us closer to the position that the act of clicking OK on a EULA can somehow be binding on the person.

      As far as I'm concerned I should always be able to click anything on my own computer without thereby entering into a contract with some company such as Microsoft. Ugh.
    • Try no enforcement period. What the law makers have to realize is that the Internet consists of the whole world. If I don't like the laws and restrictions in the US, I'll move my operations to Sealand or some other place. Just look at the shipping industry and whare all those tankers, cargo, and cruise ships register. Sure the US could put pressure on some countries, but I don't see them blocking Korea or China any time soon.
  • Hey, I use windows xp. I know that this particular O/S isn't that popular on this site. Downloaded several programs that were designed to stop spyware and lo and behold it did eradicate the spyware on the pc and place their on spyware in place of the deleted program. Browsers would not refresh as fast. I use several and a host of other strange maladies occured. Looks like everyone is going to have to write their own software next.

  • Wait a sec... (Score:4, Insightful)

    by Fubar420 ( 701126 ) * on Tuesday March 02, 2004 @08:43PM (#8447642)
    Do the ActiveX controls that ask Y/N in IE count?

    I use mozilla so that hardly bothers me, but a lot of people just assume that if a link (see AIM virii/trojans/"games" and the like) is sent to them, that the warning is part of the game?

    Most activeX controls say 'I'd like to install something now...' and people just assume yes as the correct answer... They _do_ give consent, even if its kinda foolish to do so.
  • Now the lawyers will be debating the definition of spyware all the way to the Supreme Court over the next 10 years, tied in tangles of litigious obfuscation, destined to hedious ruin.

    What a stupid waste of society's resources.

    Open the source -- problem solved.
  • "The bill would make it difficult to for software to download and install itself without the user's knowledge."

    I could have sworn it was already illegal. Making it "difficult" would be a step down.
    • If one posits the users' systems are insecure because the OS can't protect itself. The legislation is *good* because it will prepetuate insecure systems by keeping them alive.

      Personally, I'm against anti-virus software.
      Of course, I never attach to the net either. This message was tied to a brick.

      You could, of course, use two bricks. Oh, you do use two bricks!
  • This will have absolutely no effect. The US political system is too corrupt for these kind of laws to end up functional. Gator and their fellow trash just need to donate enough money for the coming election and the new law will be watered out to have no effect.

  • The real trouble with spyware (Score:3, Informative)

    by Whatchamacallit ( 21721 ) on Wednesday March 03, 2004 @10:52AM (#8452288) Homepage
    As I see it, and I have removed over a million pieces of spyware from my customer's computers...

    The trouble with spyware is:

    1. It's damn sneaky. No indication other then a license agreement that no one reads because it's all legalease and effectively gibberish to the average person.

    2. Some spyware is loading onto computers via popup advertisements that are using obvious MSIE flaws to allow it to install. Most of the spyware changes your homepage to their search page which also happens to re-install their software. This means they are using virus/trojan techniques to invade your system.

    3. Most spyware will re-install or auto update itself if you try to remove it and miss a portion. Some spyware appears to team up with other spyware packages that reload each other.

    4. Several spyware companies actually advertise anti-spyware software that just loads more spyware onto a system.

    5. The security in Windows is horrible. Looks like we might have to resort to a signing method for all approved software and allow only company approved signatures to install. I don't think Windows fully allows this for everything. I know they do it for drivers but it should be available for all software.

    Spyware is begining to be a real problem in enterprise environments, we locked down our WinXP computers pretty tight and yet the spyware still manages to get installed. It takes hours to remove spyware from a user's machine. In some cases, when Ad-Aware and SpyBot both failed to remove a package, we ended up having to rebuild the OS and restore the user's data.

    Windows is so very broken that I don't think it can ever be fixed. No law will make a difference, companies will just move off shore and then still deliver the spyware goods.

    The only sure fire way I see Windows getting repaired is if Microsoft bites the bullet and stops development on Longhorn and then literally starts over. They should make a FreeBSD base and build the Windows API into the system. This will ensure multiple user abilities and more importantly, security. Of course this will break all old software that requires drive letters and other things that will have changed but it's becoming necessary. The holy grail for MS is backwards compatibility and it's also a curse they will never give up.

    I know, Apple did the same thing with OS X. It's a custom Mach kernel with a FreeBSD foundation. They build a backwards compatible Classic environment as well as a porting environment called Carbon in addition to the NeXTStep Cocoa NS API. The security is there and you are prompted to install software whenever an application tries to install. If it installs in your user home directory structure, you may not be prompted, but at least you will be able to rebuild the user account and migrate your data.

    Microsoft needs to follow suit. Of course they should do it their own way but they really need to focus on security as well as separating the OS from the Applications and System wide software from individual user software as well as user settings from system settings. The trouble is Windows has always had a hard time isolating things because of the backwards compatibility issues. WinXP moved the user profiles to Documents and Settings but it needs to be better isolated across everything everywhere. All the security issues come down to a serious flaw in design which directly stems from the Win3.x and the strong desire to keep old software running on new systems. Windows systems are wide open out of the box. Most good Unix distributions are closed out of the box. i.e. in Unix you need to turn things on. In Windows you need to turn things off. This makes a heck of a lot harder to lock down.
  • I have had spyware that was damm hard to remove. It was one of those "browser hijackers" that would direct to one of those sites that sell domain names. A spyware removal program found it but couldn't remove it. This was because it became part of the windows 98 operating system and any attempt to delete the file from the directory or the windows registry would give a "file in use" error. I ended up having to boot the computer in DOS mode and delete the file then reboot in windows.
  • I've never had any problems with spyware...
    I guess the target environment is not linux :)

Slashdot Top Deals

Egotist: A person of low taste, more interested in himself than in me. -- Ambrose Bierce

Close