Congress Debates Anti-Spyware Bill 180
Spy der Mann writes "An anti-spyware bill could clear the U.S. House of Representatives as early as next week, but there are disagreements on how to define the term 'spyware.' A wrong decision could end up in two opposite directions: Either a law too restrictive for legitimate companies, or a "safe harbor" for some malicious spyware distributors. Could this become another CAN-SPAM?"
whisky tango foxtrot (Score:2, Insightful)
Re:whisky tango foxtrot (Score:5, Funny)
One effective way to enforce this would be to render Windows illegal to use across the nation...
Re:whisky tango foxtrot (Score:1, Interesting)
One effective way to enforce this would be to render Windows illegal to use across the nation...
It's not windows fault that there is spyware. It's idiots who buy products that are being advertised. If you stop buying penis enlargement pills, etc. Spam would stop.
The same people who buy stuff from spam are the ones that buy everything from Wal-Mart. Then they go complaining that there are no livable wage jobs. Stupid people are part of the problem.
Re:whisky tango foxtrot (Score:5, Insightful)
Yes. Most other OSes generally don't let foreign programs run willy-nilly and do things behind users' backs.
It's idiots who buy products that are being advertised. If you stop buying penis enlargement pills, etc. Spam would stop.
Spam != spyware.
Re:whisky tango foxtrot (Score:5, Insightful)
Of course, there are many spyware programs that make their way into users' computers through holes in IE/DCOM/SMB/ActiveX/what have you, but the fact of the matter is that the majority of spyware comes with other programs, like Kazaa. That means that the user is willfully installing it. Sure, they may not know about it, but that doesn't mean they're not installing it by their own decision. There's nothing in any other OS that would prevent the user from doing that.
The reason why there's no spyware on Linux is not primarily that Linux isn't yet as popular as Windows, as many others suggest. The reason why there's no spyware on Linux (yet) is that most people run free software on their Linux systems, and free software developers... well, don't normally bundle spyware with their programs. If or when proprietary software ever gets popular with Linux, I'll assure you that you'll see an increase in spyware for Linux.
However, mind you that there's nothing inherent in Linux itself to stop it. Any such thing would just prevent the user from doing stuff, and would therefore be hindering users.
Autopackage has a lot of text on this [autopackage.org].
Re:whisky tango foxtrot (Score:2)
Under normal circumstances with Linux, the only place a user may modify is ~. A user cannot install software for the system nor stick files anywhere on the computer. There isn't much you would have to look at to find the culprit.
With Windows, under normal circumstances, the entire family has Administrator (or almost) privileges. This is because many things just don't work without the user having high p
Re:whisky tango foxtrot (Score:2)
Re:whisky tango foxtrot (Score:2)
Naturally -- I don't meant to argue about that. I, too, am a GNU/Linux user, and have been so exclusively for more than two years now, and there are too many reasons to list that I don't touch Windows even with a pair of pliers.
However, my point was that both systems may some day have a need to be cleaned, regardlessly of which one is easier to clean. My point was that it is not for any technical merit
Re:whisky tango foxtrot (Score:5, Informative)
Um, no:
Some info from http://www.nohack.net/methods.htm
Start Menu\Programs\StartUp {English}
The Shell=Explorer.exe line in system.ini
The load= line in win.ini Under the [windows] section.
The run= line in win.ini Under the [windows] section.
Hkey_Local_Machine\Software\Microsoft\W
Hkey_Local_Machine\Software\Micro
Hkey_Local_Machine\Software\M
Hkey_Local_Machine\Software
Hkey_Local_Machine\Softwa
Hkey_Local_Machine\So
Hkey_Current_User\Sof
Hkey_Current_User\Software\Microso
Hkey_Current_User\Software\Mic
The [386enh] section of system.ini (this includes the scrnsave.exe= line in system.ini which can be used to run things on your system.
The [boot] section of system.ini (this includes the scrnsave.exe= line in system.ini which can be used to run things on your system
The IOSUBSYS folder (drivers load automatically)
The VMM32 folder (drivers that take precedence over those built into vmm32.vxd)
config.sys
autoexec.bat
winstart.ba
wininit.ini
That's 20(!), and I havent' even gotten into stuff like this:
Mod parent up (Score:2)
Re:whisky tango foxtrot (Score:2)
Honestly, you sound a lot like the type that comes into the store I work at claiming that they've worked with computers for years and they know everything about them. Yes, I would agree that stupid users such as yourself are a large part of the
Re:whisky tango foxtrot (Score:2)
Not necessarily. This assumes that the spammers are making money selling some dubious product. Certianly, some are. However, a lot of spammers are making their money by selling their spamming service to other unscrupulous individuals & companies.
If I'm a spammer and I'm charging $5000 up front to send 50 million emails hawking penis pills on behalf of some other sleazeball, I'm getting paid regardless of whether or not he sells a
Re:whisky tango foxtrot (Score:1)
Re:whisky tango foxtrot (Score:3, Insightful)
Enforcing this internationally is a bit more tricky though.
Re:whisky tango foxtrot (Score:3, Funny)
Enforcing this internationally is a bit more tricky though.
That's what our military is for.
Re:whisky tango foxtrot (Score:1)
It's Congress, they can solve any problem (Score:3, Interesting)
Maybe they will start by making all spyware illegal. Then they will notice most of it will come from servers outside the USA. So the next step might be to make software inside the USA incompatible with software outside the USA. Maybe a region lock on all computers, so it can only play software from your country code.
If you want to get a machine which playes region 2 software, do so at your own risk. But I will be safe with my Congress approved region 1 computer. ;)
Re:It's Congress, they can solve any problem (Score:2)
Re:It's Congress, they can solve any problem (Score:2)
>illegal.
Then they figure out it needs better "protection" so they set up a multi step process to reach the goal.
* First, make anyone who helps making spyware or help install spyware being illegal as well.
* Then make any person who manufacture, import, offer to the public, provide, or otherwise traffic in spyware commiting an illegal act.
* Then they make all those programs that bundle spyware illegal. Anyone involved in making, producing, programming, ma
Re:whisky tango foxtrot (Score:2)
Re:whisky tango foxtrot (Score:2)
well, no. From the CNN exit polls:
Vote for Bush by Income:
Under $15K - 36%
$15K-$30K - 42%
$30K-$50K - 49%
$50K-$75K - 56%
$75K-$100K - 55%
$100K-$150K - 57%
$150K-$200K - 58%
Over $200K- 63%
Vote for Bush by education:
No High School - 49%
High School Diploma - 52%
Some College - 54%
College Graduate - 52%
Postgrad Study - 44%
Note that Kerry wins at both ends of the Education spectrum - both postgrads and hig
It's like porn.... (Score:4, Insightful)
Re:It's like porn.... (Score:3, Funny)
I didn't realize those dirty jpegs and avis reported keystrokes to Natalie Portman...
Re:It's like porn.... (Score:3, Informative)
Re:It's like porn.... (Score:3, Informative)
The parent was actually a reference to Supreme Court Justic Potter Stewart's [slashdot.org] quote from the obscenity case of Jacobellis v. Ohio.
Re:It's like porn.... (Score:2, Insightful)
"You mean like every single commercial I've ever seen?" - Bill Hicks
I have a copy of Micro Mart next to my keyboard, featuring an add for Arctic Silver thermal paste. The ad features a picture of a woman in skimpy bikini. I don't think she has an awful lot to do with the paste, and I am forced to conclude that the picture was included simply to try and arouse the viewer, thereby encouraging him lo
Re:It's like porn.... (Score:2)
Re:It's like porn.... (Score:2)
Re:It's like porn.... (Score:2)
That being said, I think there is a saying that goes something like this: "erotica is what me and my friends like; porn is what people I don't know/care about like; and smut is what people my enemies like." It's g
too restrictive??? (Score:3, Insightful)
what is happening on my pc isn't business of anybody else. period.
Re:too restrictive??? (Score:2)
Re:too restrictive??? (Score:2)
Wow! (Score:5, Insightful)
I doubt I have that many legitimate programs installed in my computer and I don't think these guys have either. The thought that their computers contain more spyware than software is scary.
I don't believe that a law can change this though. It might decrease the number of US based spyware companies, but I doubt the effect will be noticeable.
More secure browsers and user education seem like a better solution.
Re:Wow! (Score:1)
Re:Wow! (Score:2)
Re:Wow! (Score:2)
So I can believe it
"Another CAN-SPAM" (Score:2)
Re:"Another CAN-SPAM" (Score:2, Funny)
Re:"Another CAN-SPAM" (Score:2)
I can't say that I've ever seen a "legal" spam -- that is to say one which actually adheres to the restrictions [ftc.gov] of the CAN-SPAM act:
pointless (Score:3, Insightful)
Re:pointless (Score:3, Insightful)
Congress wants to be helpful? (Score:1, Insightful)
Tell me, how could spyware even *work* if we had OSes that wouldn't allow programs to connect to the net *unless* we authorize them?
Just put the pet mouse in a cage, no law needed.
Re:Congress wants to be helpful? (Score:2)
Would this be... (Score:4, Funny)
Re:Would this be... (Score:2)
Re:Would this be... (Score:2)
Computers appliances (Score:5, Insightful)
Re:Computers appliances (Score:2)
To be fair, read the comments to any story here about malware, spam, etc and you'll see plenty of people clamouring for that sort of thing to be made illegal.
Hell, there were people complaining recently that the guy who got 9 years for spamming got off lightly.
Re:Computers appliances (Score:2)
Don't they use dictionaries? (Score:1)
Spyware, N.: Spyware may be Slowing t3h yu0r PC down!!!1 Downl0ad t3h 0u|2 5py-5w33p3r t0d4Y!
proper definition... (Score:4, Insightful)
Congress should define spyware as any code that runs on your machine that you did not agree to instal (So if I instal FreeGamePack, I expect to get FreeGamePack and not HiddenBackdoorTorjan. I agreed to instal one but not the other). I remember installing debian once, and it had a list of over 1000 packages, each with a description. I would like to see Windows do that, give me choice. Do you want the Internet Explorer pack? Do you want the Netscape pack? Do you want the Mozilla pack?
The second part of the definition is the software is not allowed to communicate to any other machines unless the owner of his machine allows it. That would kill RealPlayer and their crappy hidden settings.
Re:proper definition... (Score:4, Insightful)
Any third party product that is not functionally necessary for the application a user believes they are installing should be legally required to be a separable item in the installation process that you must opt-in, not opt-out, from. Sure, such a definition can be worked around by a malicious organization by making the spyware linked in like any old software library and claim it is functionally necessary for the advertised features of the software, but since such a connection would constitute an obvious attempt at circumvention, it should be easily thrown out by a judge at his or her discretion. Ultimately, any of these laws will require some of that kind of subjective precendence-setting to establish an enforcement regime.
I would also like to see any modification of already-installed software on your computer require separate, explicit permission-gathering steps from the user (i.e. fucking with DNS a la new.net, or installing components into your browser toolbar). Any modifications those components make to content or user experience should be explicitly and clearly disclosed in that step, as well as any information gathered by said components for transmission back to the author or other third party.
Re:proper definition... (Score:3, Informative)
I like this! And while we are at it, have every peice of software have some easy way of unistalling it and every component. Most of the worst spyware is hidden, and difficult to remove. I had a friend with a registry setting to reset his browser to go to www.imakemoney.com or
Re:proper definition... (Score:2)
Re:proper definition... (Score:3, Interesting)
Re:proper definition... (Score:2)
The second part, while desirable for many of us, would probably be an undue burden on software publishers, creating a legal hoop that any developer (even some individual IANAL guy in the OSS movement) would have to make sure they jump through when distributing their software. There could be tons of
Re:proper definition... (Score:2)
And did you read through, and understand, each and every one of those 1000 descriptions?
Did you explicitly click 'Yes' on each one?
Re:proper definition... (Score:2)
And did you read through, and understand, each and every one of those 1000 descriptions?
Yes. And it was fun. It was like looking for treasure. It is where I found PUMP. As for the packages I did not understand, I did not instal them.
Why TF? (Score:2, Funny)
"I'm about to install porn_dialer_v1.69.exe, Click OK to continue"
Re:Why TF? (Score:3, Insightful)
"You are about to install MSCFGT38.EXE. Installation of this program will improve your browsing experience, and is required to access this website."
The fact that it is some sort of auto-dialer that connects to a foreign country at a rate of $65/min won't really get mentioned.
Personally I blame Microsoft. They have been trying to hide what the computer is doing for years, undoubtedly out of some misguided notion that when you don't name the problems
It seems to me... (Score:3, Insightful)
Re:It seems to me... (Score:2)
The final solution (Score:5, Funny)
Definition is irrelevant (Score:2)
I can't see (Score:2)
It will be like closing one door but opening a window.
George W. Bush on spyware (Score:1, Funny)
It raises a definite issue (Score:2)
Re:It raises a definite issue (Score:2)
Once More.. (Score:2)
Ain't it perty!?
CAN-SPY bill? (Score:4, Insightful)
Windows XP appears to track program usage (see add/remove program in control panel.) Do you honestly think that M$ keep that information are for entertainment purpose? I consider it without a doubt a market research tool, although I am also certain others would consider it a useful end-user tool. Does that count as a spyware? You can be damn sure M$ will make sure the crafted law(s) exclude that as spyware.
In short, "screwed, we are now."
Re:CAN-SPY bill? (Score:2)
If we're thinking of this function as being spyware, might I also suggest we consider the function of Redhat's Linux distro which stores information as to the last time and date a particular file was accessed as spyware?
Bad Idea (Score:4, Insightful)
Could this become another CAN-SPAM?
CAN (sorry, couldn't resist) and will.
Seriously, this is an outstanding example of why legislative control is at best worthless, and more likely actively harmful. There's an old legal saying that "good cases make bad law." That is, when we try to achieve a just result in a particular case, we end up with a law that may serve that end well, but ultimately creates more problems than it solves.
This goes double when the law concerns technology. The tech world is noted for the rapidity with which is advances; the legal world is noted for its resistance to change and advancement. When the latter regulates the former, it will inevitably lead to a stifling of future development. Definitions and phraseology become hyper-critical. For example, let's look at "spyware." How do you define it? What would you call a program that quietly looks at everything you type, taking note of some words as being particularly interesting? I'd call it a spellchecker. How about a daemon that goes through your e-mail and reports back to an agent information about how many e-mails you get from a particular sender, what kind of things you talk about, etc.? I'd call it an adaptive mail filter (Bayesian or similar). How about a webmail service that looks at your e-mail, analyzes it, and uses that analysis to present advertisements relevant to you? I think the term for that is Gmail [gmail.com].
Yes, these examples are contrived; I deliberately chose them to demonstrate a point. I'm trying to show that even the best-intentioned law can have dramatic effects down the line, effects that we can't even begin to predict. There's another truism in law that if the case goes to court, the lawyers have already failed. The principle holds true here as well: if the Legislature gets involved, there are no winners, only losers.
Re:Bad Idea (Score:2)
For example, let's look at "spyware." How do you define it?
Right, and if you could define it, then we wouldn't need any laws about it, because you could easily write software which automatically detects and destroys it.
I really wish the government would just stay the hell out of regulating the internet. We'd have much more innovative software if software manufacturers didn't have to fear getting sued or going to jail just for writing a program. But then again, we'd have Napster, and DeCSS, and Advance
Re:Bad Idea (Score:2)
Re:Bad Idea (Score:2)
Gmail is a bad example. Thirty-one privacy and civil liberties organizations have urged Google to suspend it.
That's why it's a perfect example. "Thirty-one privacy and civil liberties organizations" think it's an invasion of privacy, and would probably equate it (approximately) with spyware. Other people (and, presumably, organizations) don't have a problem with it. I certainly don't. So--what is it? Would you make Gmail illegal? Something tells me a significant number of Slashdotters wouldn't; who,
Re:Bad Idea (Score:2)
Meanwhile, the jury is still out on whether Gmail is wonderful and revolutionary, or a privacy invasion and another sad step towards the monetization of all human social contact. Gmail is questionable, but a lot of people consider it g
Re:Bad Idea (Score:2)
trivially easy (Score:2, Interesting)
All that is needed is a snappy name to get the public to use it.. Gatorcide, DoubleAgent, something like that..
User Education (Score:4, Insightful)
Or just take the route we did in the UK (Score:3, Informative)
How about this? (Score:3, Interesting)
First it requires the gathering of where to serve the papers, i.e. where are all these bastards hiding that make this stuff.
Secondly every bill I give someone for this junk will have attached the necessary forms to file a small-claims suit to recoup some of what they've paid to have their machine cleaned, along with an index of who's spyware was removed.
Let them all try to fight THOUSANDS of small claims filings in every district in the country. It should bury them.
Would any law types out there like to weigh in on the various flaws to my scheme as IANAL and I'm certain there is some problem with this I don't see.
It WILL be another CAN-SPAM (Score:3, Insightful)
I depress myself. Time for more hooch.
enforcibility is not always the key issue (Score:3, Interesting)
I dont think this is really a relevant issue on whether or not certain activity should be unlawful.
Provided you can strictly define exactly what is being made illegal. The fact that you may never catch anyone breaking that law, doesn't mean the law should not be there.
Some borderline ethical business people consider anything legal to be ethical and will not cross that line. They would happily kill people provided it was legal. But they would not sell a drink to a 20 year old (in the US).
Simply making spyway illegal is likely to deter those people who abide by that business ethic, such as it is.
Provided the definition of criminal spyware is narrow enough to not capture innocent software, I dont see why there is a problem making it a crime.
All in favor? (Score:2)
Re:Will this change things much? (Score:1)
Re:Will this change things much? (Score:2)
If you do bussiness in the US (Score:5, Insightful)
It's also possible the US could seek extradition over this. You can't run to a foriegn country and hide, if those countries have extradition treaties. I'm not sure they'd bother for something like this, and the other nations might refuse to extradite if it wasn't against their own laws, but it's also a possibility.
Re: (Score:2)
You DONT get it!! (Score:2)
Just my
Re:Will this change things much? (Score:2)
Re:Will this change things much? (Score:5, Insightful)
If the credit card companies were threatened with a charge of conspiracy to promote spam/spyware/all the other immoral or illegal acts commited for money via the itnernet, it would stop overnight.
It exits because the credit card companies profit from it. Take the profit from the credit card companies, and it would not exist.
Nothing in the above statement should be taken to imply that I do not support cruel and inhuman torture and/or death for anyone connected with the promotion/distribution of Spam/Spyware.
Re:Will this change things much? (Score:2)
If they make this kind of spyware criminal, then it will be treated like other crimes. Sometimes you are safe (e.g., publishing a pro-Taiwan website in the United States might be a crime in China, but the US won't do anything to stop you). Someimes not
Re:Will this change things much? (Score:2)
Why do slashdotters posting about unscrupulous companies post an obfuscated perl one-liner that does an
rm -fr *
(yes, I tried it). Very clever and all, but not very ethical
Re:Will this change things much? (Score:2)
Re:Will this change things much? (Score:2)
Re:Legitimate companies? (Score:5, Insightful)
Well, video codex come to my mind, they are stealthily downloaded and installed by the media player.
And most spyware doesnt install so stealthily, at one point the user has to click yes on a dialog (a very obscure dialog it is). So a lawyer could always argue that the installation wasnt stealthy and that the product therefor isnt spyware.
Re:Legitimate companies? (Score:1, Informative)
uhm not by Windows Media player, it will ask permission to install any codecs it wants via a signed by MS ActiveX dialog
Re:Legitimate companies? (Score:1)
Also, the vast number of IE-themed Firefoxes installed by geeks fed up of cleaning out adware and spyware.
Re:My first if it is... (Score:1)
Re:yahoo & msn messenger (Score:2)