U.S. To Impose Spyware Control Laws

ArbiterOne writes "BBC has the story: A bill has been introduced into the U.S. House of Representatives to control the proliferation of spyware and malware. The proposed bill would force programs to inform the user before installing programs, and require that spyware be easily removed. A study by EarthLink found that the average user has 28 spyware programs on their computer!"
  • by Anonymous Coward on Saturday June 19, 2004 @11:46AM (#9472477)
    • by God! Awful 2 ( 631283 ) on Saturday June 19, 2004 @12:27PM (#9472717) Journal
      Do they mean 28 actual spyware programs? That seems pretty hard to swallow. Or do they mean 28 tracking cookies (which are OS independent)?

      • by macdaddy357 ( 582412 ) on Saturday June 19, 2004 @01:18PM (#9472967)
        28 programs is reasonable. I am a computer repair technician, and spend every day cleaning up this garbage for people. If you count the cookies, and not just actual programs, then the average user has over one hundred spyware items.

        The common user never imagines that just clicking on a pop-up window, hoping that will make it go away, gives someone the right to take over their computer. They don't "get it" that Kazaa is bundled with spyware either.

        As for EULAs, even if people did read those things, they are in legalese jargon. No one understands that gobbledygook, so no one can possibly give informed consent to it.

        I see a lot of brand new computers running like a 386 trying to use Windows XP because of spyware. I am surprised more people haven't given up on computers completely. If this new law is as full of loopholes as it seems, then people swearing off computers is still the inevitable result of spyware.

  • by The Importance of ( 529734 ) * on Saturday June 19, 2004 @11:46AM (#9472479) Homepage
    Will this bill make it illegal for "copy-protected" CDs to add malware to your computer through autorun? Will they be required to make it easy to remove the malware?
  • Believe it or not... (Score:4, Interesting)

    by rd4tech ( 711615 ) * on Saturday June 19, 2004 @11:46AM (#9472480)
    I had once to repair a user PC (average Joe's) with about 1447 installed whatnot... (according to adaware) It was taking the darn thing 35 minutes just to boot up and was veryyyy slow when operating. And she was having quite a powerful machine too..
    • by Anonymous Coward on Saturday June 19, 2004 @11:48AM (#9472487)
      With only 110 less they would have been 1337!!
    • by dealsites ( 746817 ) on Saturday June 19, 2004 @11:52AM (#9472521) Homepage
      That sounds pretty reasonable. On a side note, I bet the PC makers kinda like spyware. After all, it will eventually slow down the average joe's PC, and unless he knows how to remove spyware, he might upgrade to get a "faster" PC.

      • by MBCook ( 132727 ) on Saturday June 19, 2004 @12:15PM (#9472658) Homepage

        I fix computers for people in my neighborhood. I'm the guy they call when they don't know how to do something, or they got a new DVD drive, or something isn't working. I've seen that happen a few times.

        Just a week ago I was called to help a nice lady set up her new Dell and copy the files off her old Gateway. She bought the computer because she was tired of the Gateway always crashing and being slow and such. Every few minutes an "Explorer has crashed" dialog would come up. I can understand why she hated it.

        So she bought a new Dell. Well, when copying files over I noticed what the problem was on the old Gateway. Tons and tons of spyware. Things loading in the tray, in startup, in IE, changing preferences, causing popups, everything. She thought the computer was just "old" and was having problems, when it was all the spyware. I told her I could fix it, but she wasn't interested.

        Now the fact is she had other reasons for getting the new PC. She wanted a flatscreen to get more desk space. She had a camcorder and wanted to be able to make DVDs of family movies and other such things. Her old computer would have been fine for her other tasks (like surfing and e-mail and word processing), but she really would have needed a new one to make DVDs and CDs and such.

        But the point is, I can EASILY see tons of people buying new computers due to spyware. If it wasn't for that, why wouldn't Dell and others ship something like Ad-Aware on the computers they sell?

        • You don't think they'd be saving a ton of money on tech support calls for "MY COMPUTAR IS FLOODED WITH POPUPS" if they would put some sensible policies in place to deflect spyware? I'm quite convinced that the money wasted on supporting these people far outweighs the profits they bring in from the odd user who buys a new computer instead of popping in the System Restore CD.
          • That's a very good question. But many of the people that I deal with have basically given up on tech support for such things because it's such a pain to call. Long hold times, people who can't speak English or have a very heavy accent, terrible suggestions (want to change your wallpaper? Reinstall Windows), etc. They avoid tech support many times, just like I do. They only call for MAJOR things (computer won't turn on, can't get sound, etc). For things like "X crashes" or such.

            It probably is more profitab

      • by lpret ( 570480 )
        On a side of that side note, I'd like to add that that is how I got my "play" computer. A friend of mine needed help because she got a new computer, I asked what happened with her old one and she said it didn't work. I told her I'd take a look at it and she said I could have it -- monitor and all. I now have a nice 1.8 GHz Dell that had about 2300 pieces of malware on it. It's now my box that I try different distros on and test my home-rolled knoppix.
    • There's some overlap. A typical spyware program will show as about 20 entries in AdAware IIRC from the time I removed a few from my brother's computer. It lists the running process(es), executable, registry keys, any related cookies, etc. separately.
    • I had once to repair a user PC (average Joe's) with about 1447 installed whatnot... (according to adaware) It was taking the darn thing 35 minutes just to boot up and was veryyyy slow when operating. And she was having quite a powerful machine too..

      Is that 1447 including cookies? I hate how adaware equates cookies with spyware.

    • 1447? You do realize that AdAware reports cookies and registry entries as well as executables, right? I find it highly unlikely that a single machine would be infected with 1447 individual applications.
  • Bloody obvious (Score:5, Interesting)

    by hattig ( 47930 ) on Saturday June 19, 2004 @11:47AM (#9472482) Journal
    It is a shame that things like this need to be made law.

    I expect that spyware already falls under the Computer Misuse Act 1990 in the UK regarding modification of a computer system without the user/owner being aware.

    As far as I am aware, these bits of software are viruses and should be treated as such. Including the writers of said spyware.
    • Re:Bloody obvious (Score:3, Interesting)

      by Krunch ( 704330 )
      As far as I am aware, these bits of software are viruses and should be treated as such. Including the writers of said spyware.
      I always wondered why {spy|mal}wares aren't in antivirus databases.
      • The same thought occurred to me... well it occurs to me every time I sit down to clean out a system.

        In fact, Symantec might whine about virus attacks and spread all the paranoia they can to boost sales, but in the end all they really need to do is revamp their product to include a spyware/malware scanner.

        Why not, it's your system and if you don't want their crap on there it is your right to remove it.

        So yeah, currently all systems in the user reign of terror usually have adaware and spybot in addition to
  • by Anonymous Coward on Saturday June 19, 2004 @11:47AM (#9472483)
    Why is legislation necessary here? This is a problem that could be solved with just a little technical nous.

    Instead, we get another law, pretend it's enough, and find it's as toothless as the paper it's written on.
    • by Scott Wood ( 1415 ) <scott.buserror@net> on Saturday June 19, 2004 @11:50AM (#9472507)
      Because, like spam, it is a behavioral problem, not purely a technical problem. System break-ins and e-mail worms can be prevented by technical means as well, but that doesn't mean it should be legal to carry them out.
    • by fmaxwell ( 249001 ) on Saturday June 19, 2004 @12:55PM (#9472869) Homepage Journal
      Why is legislation necessary here? This is a problem that could be solved with just a little technical nous.

      Fine. You go to 290 million people in the U.S. and educate them -- every man, woman, and child -- on how to deal with, avoid, and remove spyware. God knows that learning about spyware should be the key goal in everyone's life. The guy investigating prostate cancer online after bad news from his doctor? He should stop what he's doing and take lessons from you about spyware.

      Next, we can get rid of laws prohibiting muggings and just teach everyone self-defense. We can make identity theft legal and just teach people how to prevent it.

      Everyone should not have to know about everything just to avoid being victimized.
  • It's About Time (Score:5, Interesting)

    by Ridgelift ( 228977 ) on Saturday June 19, 2004 @11:47AM (#9472484)
    Once installed, it can redirect web searches, install bookmarks or bombard a user with pop-up ads tailored to other search terms. It can also drain computing power, crash a machine and, in the case of the most malicious spyware, steal confidential information

    A friend of mine works for a technical call center for a large US hardware manufacturer. The contract he works on is supporting notebook computers.

    A customer recently called in because his computer was running slow. After installing and running ad-aware and spybot, the customer had over 4600 spyware programs. Yes, you read that right, over 4600 spyware programs. It's a miracle that thing ran at all.

    Legislation to curtail spyware is long overdue. An operating system that is resistant to spyware is already available, and it ain't Windows.
    • Re:It's About Time (Score:4, Insightful)

      by DrEldarion ( 114072 ) <[moc.liamg] [ta] [0791uhcsm]> on Saturday June 19, 2004 @11:58AM (#9472554)
      Are you sure it was actually 4600 different programs? I find that hard to believe - It seems that the computer wouldn't run at all with that many programs running in the background.

      Could the "4600" number have been the total number of spyware programs running, files found, and registry keys found?
      • Re:It's About Time (Score:2, Interesting)

        by Mesaeus ( 692570 )
        It probably is, however the biggest number I've seen with MY customers (about 30 average Joes and Janes) is about 1400, spread over four user accounts (so a lot of it was duplicate stuff). 4600 traces of spyware is an ungodly amount, I had hours and hours of clean up work with the 1400 one. 90% of spyware can be automatically cleaned with Spybot and Adaware, but the remaining 10% can be a tough cookie to get rid of permanently.
    • Were all 4600 actually programs? A lot of the stuff Ad-aware picks up is things like cookies and registry values.
    • Yes, you read that right, over 4600 spyware programs.

      Yes, but Ad-Aware, Spybot S&D and most other spyware removal tools would have counted a cookie from an ad bureau as a "program" in your quote above. While I wouldn't class a cookie as a program, they do enable large scale information gathering and hopefully will get explicitly covered by the wording of the legislation to avoid any loopholes. And on the subject of wording, the phrase the legislators need to remember is "failure to have the opt-in

    • You said a place that services laptops. Toshiba has a 4600 (one of their best, actually). I find it impossible that there are 4,600 (4 thousand, six hundred) things running on top of normal OS stuff. I think you're confused...
    • Legislation to curtail spyware is long overdue. An operating system that is resistant to spyware is already available, and it ain't Windows.

      I call FUD.

      MS Windows isn't the prime target for spyware because of its rather poor record, it's the prime target because 95% of the people out there use some form of Windows and thus the number of clueless retards using Windows is higher than with MacOS or Linux. Blaming spyware on Windows is flawed, because spyware on Linux is realistic, possible but simp

      • Yet. If Linux gets enough market share, some spyware, viruses and other crap WILL come to Linux. Never EVER underestimate the stupidity of the average computer user.

        I don't entirely buy it. By that logic, Apache should be exploited far more often than IIS. It has more than twice the market share so it should be targeted more. But it isn't. IIS accounts for more exploits in ABSOLUTE numbers than Apache. This is directly due to Apache's design and the Apache Project's diligence in patching holes.

        Most o
  • I have to ask... (Score:5, Insightful)

    by Motherfucking Shit ( 636021 ) on Saturday June 19, 2004 @11:48AM (#9472489) Journal
    Why is it that the Beeb has the scoop on a pending US bill, before I can find this story in any of the major US media outlets?
    • You do know that all the major US media news outlets do is re-run BBC stories, right?

    • Why is it that the Beeb has the scoop on a pending US bill, before I can find this story in any of the major US media outlets?

      Because the U.S. media hasn't figured a way to blame the problem of spyware on the Bush administration yet.

    • The first rule about US media coverage of US Gov't is you do not talk about the US media's coverage of the US Gov't. The second rule....

      Carry on citizen...Big Brother is appeased.
    • Since You Asked... (Score:5, Informative)

      by reallocate ( 142797 ) on Saturday June 19, 2004 @12:30PM (#9472741)
      First, the BBC doesn't have a scoop. I've been reading about the story for days. This piece is almost certainly a pickup from Reuters or another agency. (If it was a Beeb piece, the story would have a Beeb byline.)

      Second, you haven't seen it on the evening TV news because it isn't that much of a story. The bill, one of several on the same issue, made it through one House subcommittee. If it passes and is signed into law, then it might merit mentioning on "major US media outlets".

      If spyware wasn't in the news this week, you'd likely not be seeing this story get any play at all. The story is, in fact, getting play because it makes a nice sidebar for the other story this week about most PCs being infested with dozens of spyware programs.
    • It's on the US sites. The kid that submitted the article lives in Munich: This is my weblog. It contains miscellaneous stuff happening with me (C.J.T.) here in Munich.

      He's in 10th grade. That's about 15, right?
  • correction (Score:5, Insightful)

    by bl8n8r ( 649187 ) on Saturday June 19, 2004 @11:49AM (#9472499)
    The average WINDOWS machine has 28 spyware programs on it.
  • IE of course (Score:5, Insightful)

    by simetra ( 155655 ) on Saturday June 19, 2004 @11:50AM (#9472503) Homepage Journal
    It would be interesting to see what percentage of these "victims" used IE as their browser exclusively. I only use IE for sites written by fanboys which require IE. Otherwise, I use Opera. For kicks, I ran spybot on my pc at work and all it found were about a dozen cookies. The techie who suggested doing this says that the typical pc on our network has anywhere from 20 to 50 bad things. Go figure.
    • It's not IE's fault - it's the fault of stupid users. I use IE exclusively and haven't EVER had a spyware program on my computer because I'm not dumb about it.

      The problem is that the computer-illiterate have somehow gotten it into their heads that clicking "yes" to any window that pops up is a good thing. I'd be willing to bet that a good portion of them don't even read the window before clicking "yes". Of course, if they did read the window, they'd most likely be all excited to have an "AWESOME NEW PRO
      • Re:IE of course (Score:3, Informative)

        by nolife ( 233813 )
        It's not IE's fault - it's the fault of stupid users.

        If you believe that, you are no further ahead than the people you reference.

        An analysis of the 180 Solutions Trojan.

        A NTBugtraq post with info.

        There are many many other sources of info that describe how software and malware get onto your computer using combinations of holes in Windows and IE that does not present the user an acceptance screen. The links referenced are just a sample of what is out in the wild, they are not exceptions, they are the
  • by Anath ( 472249 ) on Saturday June 19, 2004 @11:50AM (#9472508)
    It is, but I can't see it being useful.

    Unless it contains decent punishments of course, like say.. Dragging the Spyware foisting bastards out into the street and shooting them in the back of the head, or some sort of testicle electrode device (like a "home detention" prisoner, goes off whenever the spyware "calls home")
  • A recent survey by the US internet provider Earthlink found that the average computer was packed with hidden software, such as cookies tracking online habits.

    It uncovered an average of 28 spyware programs on each PC scanned during the first three months of the year.

    How exactly was Earthlink able to detect the installed spyware? Tracking outgoing requests that were related to known spyware apps? Or did they allow users to run software that reported back to Earthlink for this survey?

  • 28 on average? (Score:2, Insightful)

    by qualico ( 731143 )
    That's conservative.
    If you include the cookies and registry entries that number has been into the hundreds for the clients I have been removing spyware, malware and adware from.

    When clients asked how they can legally do that, I can only point to the fact that it says so in the obfuscated end user agreement the company bets you're not going to read.

    SO if this law is passed, just how will it be enforced?
  • by LostCluster ( 625375 ) * on Saturday June 19, 2004 @11:52AM (#9472518)
    It's been mentioned on Slashdot before, but a good starting point for this kind of legislation is Google's Proposed Software Principles defining what honest programs should be doing.
  • Yes, I am a cynic (Score:3, Insightful)

    by segfault7375 ( 135849 ) on Saturday June 19, 2004 @11:52AM (#9472519)

    This is great except for the fact that companies like Claria (aka Gator) will simply buy a politician to say that their "products" are not spyware, and therefore not covered under this bill.
    • I don't even think they need to change anything they're doing, since Gator at least requires an affirmative confirmation to install and politely cleans up when asked to. As bad as they are, at least they're playing by the proposed rules already.
    • Re:Yes, I am a cynic (Score:3, Interesting)

      by mark-t ( 151149 )
      The solution to this is to have the bill define the behaviours necessary to qualify as "spyware".

      An extremely broad definition wouldn't necessarily be a bad thing in this case either...

      For example, spyware would be any software which collects and reports details about the user's computer or the user's activities to a party that has not previously obtained permission to perform administration duties on that particular computer. Said permission can only be obtained either by virtue of property ownership,

  • by seibed ( 30057 ) on Saturday June 19, 2004 @11:53AM (#9472523)
    A lot of spyware already 'informs you'... it's just that the average public just clicks right through all of the legal stuff anyway.
  • It might work (Score:4, Insightful)

    by 14erCleaner ( 745600 ) on Saturday June 19, 2004 @11:54AM (#9472531) Homepage Journal
    You know, this actually has a chance of being effective, unlike the anti-spam laws. Spyware is pretty useless if it doesn't report home on its spy results, so it should be possible to trace programs that violate the law back to those responsible.

    Of course, the definition of "spyware" is critical. Legislatures in the past have had a hard time defining computer-related terms without making them too broad (for example, is your web browser spyware? After all, it's sending cookies back to all kinds of web sites!)

    • by ( 213219 ) on Saturday June 19, 2004 @01:47PM (#9473129) Journal
      A good portion of my day is spent dealing with spyware. I've noticed that in the past several months it has gotten worse, in some cases far worse.

      A law in the United States will only affect those companies with a legal presence in the United States. Many, many companies that offer software aren't in the U.S. Even if the law is effective on companies here, it will just migrate to somewhere that it isn't regulated and those Kazaa type companies will still be immune.

      While I hope you are right, I think that you are wrong and I guess that my attitude is that it is probably better dealt with using technology than laws. The loopholes in technology are easier to close.

      My ideal solution would be a system that would detect all types of malware and security threats and know how to fix them automatically. I'd like to see one component be "forward looking" where it would monitor computers and forward suspicious activity to a database that would be used to identify new threats in an almost real time manner. Of course this in and of itself could be considered "spyware" by some (because it would be reporting activity on your computer). But if all of a sudden xyzabc.dll started appearing on hundreds of computers in a short period of time, a human could evaluate it and figure out if it is a threat. If it is, it could be blocked on uninfected machines.
  • by klingens ( 147173 ) on Saturday June 19, 2004 @11:55AM (#9472535)
    I am sure this new law will be an overwhelming success story like the recent CANSPAM act.
    And now excuse me, I need to clean my Inbox again.
  • 28.... 28!!! (Score:3, Interesting)

    by joeldg ( 518249 ) on Saturday June 19, 2004 @11:55AM (#9472537) Homepage
    People have on average 28 spyware programs?
    holy crap!!

    well, at least this is another notch in the belt of opensource.

    That just amazes me. I tried a while back to see how easy it was to create one and installed a windows machine and hacked together an easy directx control that installed itself on page load and changed (just for testing) the word "Yahoo" into the word "Shit" and then had fun surfing around on "Shit! mail" and "Shit! autos".. It took a total of about two hours to create in Delphi and I am a unix programmer not a windows programmer.

    Just thinking how easy it would have been to make one that replaced 460x80 images with one from one of my servers and this really does not surprise me.

  • by blockhouse ( 42351 ) on Saturday June 19, 2004 @11:56AM (#9472543)
    What we really need is an act that would BAN malware, etc. altogether.

    Not as if it really matters. This bill, if passed, would only drive malware underground, and it'll be much harder to control. Viruses have been illegal for *years* but we all know how much they continue to plague humanity.
  • Copy Protected CD's (Score:3, Interesting)

    by Professor Calculus ( 447783 ) on Saturday June 19, 2004 @11:59AM (#9472560)
    I wonder if this will destroy SunnComm's copy protected CD model? The CD installs software on a Windows machine without user permission to prevent them from accessing it directly. Obviously this can be bypassed with the infamous Shift Key "Hack" anyway, but it works for most people cause they don't know what it is doing in the background. This bill could force SunnComm to get the user's permission to install the software, and even Joe Shmoe could bypass it then.
    • Unfortunately, it appears the bill is specifically limited in scope only to cover programs that transmit information about the user, how the computer is used, or things that are stored on the computer to someone else over the Internet.

  • Not Really Enough (Score:2, Insightful)

    by Steinfiend ( 700505 )

    A key congressional panel endorsed a bill that would force the makers of spyware to notify users before installing any software on their PCs.

    As someone closely involved in the ISP Tech Support business anything that can help eliminate this problem would be gratefully received. I'm not sure this is going to have ANY effect though. 'Legitimate' (if that's not an oxymoron) spyware installers already notify users through an EULA or similar. The illegitimate ones don't care about the law anyway so will ignore

    • As you pointed out, spyware companies can certainly word their installation screens and agreements to get around many spyware laws, but I think the most important provision of a spyware law would be the one saying that it is illegal to create self replicating software that was intentionally designed to be difficult to uninstall. That would get rid of the most damaging kinds of spyware, or at least make their creators responsible for the costs of cleaning up infected systems. I would, however, be curious to
  • I only have 0 spywares on my ENTIRE network. :(
  • by immel ( 699491 ) on Saturday June 19, 2004 @12:06PM (#9472598)
    28 pieces of spyware on the drive
    28 pieces of spyware
    Go to get a "Removal app"
    29 pieces of spyware on the drive!
    But seriously, there are a lot of apps out there pretending to be "spyware removal programs" that are actually spyware themselves. ACCEPT NO IMITATIONS!
  • by scruffy ( 29773 ) on Saturday June 19, 2004 @12:06PM (#9472600)
    This has only been proposed in one of the two US legislatures. There are a few hurdles to pass before it becomes law, if ever.
  • by willith ( 218835 ) on Saturday June 19, 2004 @12:06PM (#9472605) Homepage
    I deal with a lot of spyware/adware at work, and one of the big problems is that the user usually has no idea why the advert windows are popping up, nor from where they're coming.

    I'd love to see spyware makers be forced to provide a small link at the bottom of *each advert window* that says something like, "This advertisement is being shown to you by $NAME_OF_PROGRAM. Click here for more information." Then, you could click the link and be taken to a page with a brief description of what the program is and what it does, and how to remove it. If it was installed because you installed KaZaa or whatever, it should say so there, too.

    Perhaps I should torture myself further by dreaming up more completely reasonable but totally impossible things...
  • Not what you think (Score:3, Informative)

    by z0ink ( 572154 ) on Saturday June 19, 2004 @12:07PM (#9472609)
    Safeguard Against Privacy Invasions Act - Directs the Federal Trade Commission (FTC) to prohibit the transmission of a spyware program to a covered computer (one used by a financial institution or the Federal Government) by means of the Internet, unless the user of the computer expressly consents to such transmission in response to a clear and conspicuous request or through an affirmative request for such transmission.

    It looks like this bill is only designed to protect banks and their own boxes. Better luck next time Average Joe American.
    • Luckily, Spyware programs are indiscriminate on which computers they install. Claria (Gator) and other companies might soon be destroyed by this law, which would fix the problem.
  • by fname ( 199759 ) on Saturday June 19, 2004 @12:08PM (#9472615) Journal
    28 spyware programs? No, that's not at all what Earthlink said. They did a study counting the number of spyware programs, adware programs and tracking cookies, and found an average of 28 per computer. Someone, either malevolently or ignorantly, decided to trumpet this as 28 spyware programs per PC. Even though the number seems on the face of it absurd (it is), most reporters and Slashdotters don't bother digging in & figuring out what the number really means.

    So I don't know if the writer & editor thought it was funny or true, but either way, stating that the average computer has 28 instances of spyware is outright false.
    • by fname ( 199759 ) on Saturday June 19, 2004 @12:17PM (#9472669) Journal
      OK, I found some links to back up my claims. First, here is the initial BBC article mis-characterizing Earthlink's study. Here's a guy who did some shoe-leather work to point out the falsehood in Earthlink's study, along with some more helpful links. Enjoy.
    • Sorry to keep replying to myself. But I would be remiss if I didn't point out that Earthlink intentionally tried to mislead the press & the public when they trumpeted their results by creating their own definition of spyware. Only 0.35 real spyware programs per computer, by the way. Here's Earthlink's original press release, and the actual report. I still blame the press for dropping the ball, anyone who bothered to read the actual report would know that the press release & headline is a bunch of h
  • The spyware situation on the Internet is really starting to get out of hand. Every time someone asks me to fix their computer, it's loaded down with spyware. I remove it, and then a week later it's full of it again.

    The problem lies in several places:

    1) Users running insecure operating systems and browsers. This isn't going to change, your average user is going to continue to use Windows and IE.

    2) User stupidity. "Hey, that message says there's a problem with my computer, I'd better click 'Yes' to fix
  • Even if the law works perfectly in this country (doubtful), there's still a big world full of Bad Guys out there, willing to send you shit over the dub-dub-dub.
  • by i8a4re ( 594587 ) on Saturday June 19, 2004 @12:16PM (#9472660)

    Since we all know how technical the majority of politicians are, I can just see them basing this whole bill on the definition of spyware. If you ask any of the companies that make spyware if their product is spyware, everyone will say that it isn't. This is just going to lead to millions of dollars being wasted on deliberations as to the definition of spyware etc.

    This bill is just an attempt to treat one problem. Why don't they make an ethical software bill where all software is required to follow certain standards. Don't worry about the user being informed of the reporting of their personal info. There are too many ways to legally get the consent of the user like a 349575 page EULA. Just focus on things like being easy to find and uninstall. This would make all spyware as we know it illegal. Also, require all software to list the legal name of the individual(s) or company that developed the software.

    While I think that spyware and virus writers should be summarily executed, we all know that it is better to treat the source of the problem. Do something like imposing a small fine for every piece of software they install on your computer without giving you the ability to uninstall it with less than 10 clicks and no visiting a website (that doesn't exist) to complete the uninstall process. Figure $5 per violation, they'll be out of business in no time.

  • by wolfemi1 ( 765089 ) on Saturday June 19, 2004 @12:33PM (#9472754)
    "A study by EarthLink found that the average user has 28 spyware programs on their computer!"

    No, the average EarthLink user has 28 spyware programs on their computer :P
  • by eyepeepackets ( 33477 ) on Saturday June 19, 2004 @12:33PM (#9472755)
    Perhaps some quality folks like Google can offer up a service whereby Joe Sixpack can browse to a website and get his Winbomb box serviced, much like he takes his car to a service station: He pulls up to the website, orders a cleanup/tuneup from the website, website cleans all the crap off his machine, checks his security settings, makes a few recommendations with the offer to do it for him on the spot, shows him a few ads whilst the PC is being serviced and then waves goodbye, telling him that his machine is being rebooted and will be ready to roll after it comes back up.

    What is that old adage? When faced with a bunch of lemons, make lemon pie? I forget but you get the idea.
  • what products I am supposed to buy, since the "helpful" computer won't tell me anymore?
  • by Fourmica ( 789657 ) on Saturday June 19, 2004 @12:44PM (#9472818)
    I'm head desktop geek for a publishing company in the United States, and I spend more time dealing with this crap than any other single problem.

    I've been getting asked quite a bit lately what exactly it is I do when I clean up someone's machine. The problem is, while some of my techniques are easily documentable, a lot of it comes from just eyeballing the situation and figuring out what doesn't look right.

    I watch the Slashdot threads regarding spyware often and, until recently, have merely lurked. Today I registered, so I can share this with everyone. It may be a bit off topic, but let us be real - legislation isn't going to take care of this problem any more than it has spam. Some of you probably know all this already, but I hope that those who don't get some use out of it. Obviously I can't take any responsibility if you screw up your computer, so be careful out there!

    Note: Use Mozilla or Firefox. Not using IE will prevent 99% of all spyware infection. I highly recommend it, for yourself and your friends and family. This is the number one step you can take to prevent spyware and hijacking, as well as preventing weekend trips to the inlaws/cousins/siblings to clean up their infected machines :-)

    What is Spyware?

    Spyware, Adware, Malware, Crapware, Roachware (because just when you think you've gotten them all...); all of these terms refer to a virus-like category of software which is placed on a computer for the purpose of generating revenue, usually either by displaying popup ads, redirecting search requests from within the browser, or collecting demographic information.

    The programs themselves can end up in a number of different places:

    - As an item in the Run key in the registry (the listing of startup programs you see in MSConfig) - Specifically,
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run or
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    - As a Browser Helper Object (BHO), a class of ActiveX control originally designed for extensions to Internet Explorer, such as Toolbars. The Google Toolbar, Yahoo! Companion, and Acrobat Reader plugin are all examples of BHOs

    - As a link, EXE or DLL file which is placed in a URL, such as a default Search URL or the Home Page. IE uses a set of URLs to control its automatic search behavior. When these URLs are triggered - or the home page is opened - either the page is opened containing ads which the URL is designed to impress, or the EXE or DLL is called to generate popups, verify it is still installed, etc

    - As a registered DLL which is loaded on startup as an operating system component (Nasty!)

    For the executable files loaded on startup, these programs - in addition to their main ad generating function - will generally check to see if their components are still properly installed, and if they are not, they will reinstall themselves. This is why you will often see spyware mysteriously come back after you think you've succeeded in removing it.

    Many of these programs will also alter Home Page and Search URL strings, so that every time the browser is opened or a search takes place, an ad impression or page hit is generated by the program's controller.

    The nastiest of all these programs will have more than one process running at any given time, watching its companion processes - so that if you kill one, its partner launches itself again. It's like Whack-a-Mole, but without the cheap prizes they give you for tickets.

    Most of this stuff gets installed piggyback with things like Comet Cursor, browser "skinners", various toolbars, downloadable games, etc. The nasty ones, however, will use security holes in IE to install themselves without the user having any clue. Others act as "gateway programs" - once one of them gets on, the others get carte blanche.

    Now that you've got the basics on what this stuff is, it's time to look at removal techniques.
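The locations listed in the post above can be pulled out of a registry dump in one pass. This is an added example, not part of the original comment: it reads `reg export` text and lists Run-key entries, BHO CLSIDs and IE start/search URLs. The BHO and `Internet Explorer\Main` paths are standard Windows registry paths assumed here, and the sample dump is constructed.

```python
import re

# Registry locations the post describes. The BHO and IE "Main" paths are not
# spelled out in the post; they are standard Windows paths assumed here.
RUN = "\\software\\microsoft\\windows\\currentversion\\run"
BHO = "\\software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects\\"
IE_MAIN = "\\software\\microsoft\\internet explorer\\main"
IE_URLS = {"start page", "search page", "search bar"}
STRING_VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in `reg export` text format; every entry is made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"exampletray"="C:\\WINDOWS\\exampletray.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.example.invalid/"
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"
'''

def persistence_points(reg_text):
    """List (kind, hive, name, data) for autostart entries in decoded .reg text."""
    found, hive, sub = [], "", ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            hive, _, rest = line[1:-1].partition("\\")
            sub = "\\" + rest.lower()          # key names are case-insensitive
            if sub.startswith(BHO):            # one subkey per BHO CLSID
                found.append(("bho", hive, rest[len(BHO) - 1:], ""))
            continue
        m = STRING_VALUE.match(line)
        if not m:
            continue
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        if sub == RUN:
            found.append(("run", hive, name, data))
        elif sub == IE_MAIN and name.lower() in IE_URLS:
            found.append(("ie-url", hive, name, data))
    return found

if __name__ == "__main__":
    for entry in persistence_points(SAMPLE):
        print(*entry, sep=" | ")
```

Files written by `reg export` are normally UTF-16, so decode them before passing the text in. Comparing the output of two dumps taken a few days apart shows which entries came back after a cleanup.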
  • A study by EarthLink found that the average user has 28 spyware programs on their computer!

    Which confirms what we all already know, that the average computer user is an idiot.

  • I have, like many here, also been responsible for cleaning many of these ridiculous "marketing tools."

    On some level, everyone involved knows that they are performing morally questionable acts. That fact isn't deterrent enough. Many of these programs make great effort to prevent their removal which is pretty strong evidence the authors and distributors are aware that these annoying programs are rejected by the very people to which they wish to market.

    A criminal law is certainly needed in order to punish
  • The proposed bill would force programs to inform the user before installing programs, and require that spyware be easily removed.

    Hey guess what - people are already informed when these programs are going to be installed. I'm not aware of anything that requires zero user interaction to install, do you? It's either bundled with some other app (seems like this would still fall inside the bounds of this law) or it's through a popup in IE. So instead we'll have spyware programs asking for user confirmation in
  • Like it matters? (Score:3, Insightful)

    by Ryosen ( 234440 ) on Saturday June 19, 2004 @01:03PM (#9472910)
    Do people who write malicious software really tremble any time some delusional congress critter gets it in his head to attempt something like this? Are people really deterred by any (alleged) action taken by ANY government, let alone the US?

    Seeing as how well the CAN-SPAM act has been working out, I'm not going to hold my breath expecting great things from this bit of rubbish, either.

    Educating the masses on how to protect themselves is the only way to defeat spyware and viruses. (Well, that and don't use IE). But, then again, it's the educated masses that the government fears the most.

    Aw, screw it. Maybe they should make you take a drivers test before you get on the Information Superhighway®.
  • by dcavanaugh ( 248349 ) on Saturday June 19, 2004 @01:06PM (#9472922) Homepage
    Taxation on the program, per installation, and a tax on the ads delivered via spyware. While we're at it, maybe a tax on each byte of data sent outbound via spyware. Killing spyware is then a simple act of following the money and taxing the hell out of those who distribute or benefit from it.
  • by Ralph Spoilsport ( 673134 ) on Saturday June 19, 2004 @01:23PM (#9472992) Journal
    on the order of the crapware^H^H^H^H^H^H^"security features" the music industry insists on plaguing the planet with.

    don'tcha just love it when one hand of Corporate America Chops Off the other hand? It's kind of like watching a slow motion train wreck, or a circular firing squad.


  • by Corbin Dallas ( 165835 ) on Saturday June 19, 2004 @01:33PM (#9473039) Homepage
    If you're running a Windows PC:

    Ad-Aware

    Spybot-S&D

    Every Windows PC needs these installed, updated, and run at least once a week. You need both: sometimes one will catch something that the other won't. Even then you are not 100% safe. For really nasty Spyware:

    HijackThis!

    Note that HijackThis! is NOT for joe user! Removing the wrong entry can disable legitimate apps. Also, for IE users:

    • Click 'Tools', then go to 'Internet Options...'
    • Click on the 'Advanced' tab, and look for the 'Browsing' section.
    • Make sure the following options are unchecked:
      • Enable Install On Demand (Internet Explorer)
      • Enable Install On Demand (Other)
      • Enable third-party browser extensions (requires restart)

    • Now click on the 'Security' tab. Make sure the 'Internet' zone is highlighted.
    • Click on the 'Custom Level...' button.
    • Make sure you have the following settings:
      • Download signed ActiveX controls: Prompt
      • Download unsigned ActiveX controls: Disable
      • Initialize and script ActiveX controls not marked as safe: Disable
      • Run ActiveX controls and plug-ins: Enable
      • Script ActiveX controls marked safe for scripting: Enable

    You could set up tighter ActiveX permissions than this, but doing so would disable Windows Update, which is just as dangerous.
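The Internet-zone settings in the post above are stored as numbered values in the registry, so they can be checked without clicking through the dialog. This is an added example, not part of the original comment: the value names (`1001`, `1004`, ...), the policy numbers and the `Zones\3` path are standard IE registry constants assumed here, and the sample values are constructed.

```python
# Policy values: a lower number is more permissive.
ALLOW, PROMPT, DISABLE = 0, 1, 3
NAMES = {ALLOW: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Registry value name -> (dialog label from the post, setting the post recommends).
BASELINE = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1200": ("Run ActiveX controls and plug-ins", ALLOW),
    "1405": ("Script ActiveX controls marked safe for scripting", ALLOW),
}
# Zone 3 is the 'Internet' zone (assumed standard path, not given in the post).
ZONE3 = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

def read_internet_zone():
    """Read the current user's Internet-zone values (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3) as key:
        for action in BASELINE:
            try:
                values[action] = winreg.QueryValueEx(key, action)[0]
            except FileNotFoundError:
                pass  # absent value: audit_zone reports it as "not set"
    return values

def audit_zone(values):
    """Return (label, finding, recommended) for each value that differs."""
    findings = []
    for action, (label, want) in BASELINE.items():
        have = values.get(action)
        if have is None:
            findings.append((label, "not set", NAMES[want]))
        elif have < want:
            findings.append((label, "weaker: " + NAMES.get(have, hex(have)), NAMES[want]))
        elif have > want:
            findings.append((label, "stricter: " + NAMES.get(have, hex(have)), NAMES[want]))
    return findings

# Constructed sample: unsigned controls allowed, unsafe scripting on Prompt.
SAMPLE = {"1001": 1, "1004": 0, "1201": 1, "1200": 0, "1405": 0}

if __name__ == "__main__":
    for row in audit_zone(SAMPLE):
        print(*row, sep=" | ")
```

On a Windows machine, `audit_zone(read_internet_zone())` checks the live settings; a "stricter" finding on the last two rows is the case the post says breaks Windows Update.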
