The media is full of spyware stories. It covers a multitude of sins, threatens consumers and businesses alike and is constantly changing. It has a mysterious title, and fits in (at least vaguely) with this year's focus on the surveillance society (RFID, identity cards et al). At the heart of the story is the question – who owns (and controls) a user's PC?
The general risks posed by the spyware invasion are well publicised: industrial espionage, identity theft, abuse of credit card and bank information, unauthorised use of PC resources and bandwidth, system instability (and the time and effort involved in fixing these problems) and delivery of inappropriate content. Until recently, the legal issues raised by spyware attracted little comment. Now the problem is so widespread that there is a growing call for governments to take positive action to help protect citizens.
This article considers the scope of terms like spyware and adware and considers how far these phenomena are already addressed by UK law. It concludes with some practical advice on steps businesses can take to limit their exposure to the risks posed by these applications.
What's in a name?
The first real problem with spyware is understanding exactly what it is. User confusion is itself a large part of the problem. Other names for spyware, or categories of spyware, include adware, snoopware, scumware, foistware, pestware and trespassware.
While many of the applications in these categories share some characteristics, there are some significant differences. In order to analyse the legal implications of these applications, it is essential to be clear exactly what we are talking about.
Technology law in the EU is generally drafted to be "technology neutral" meaning it relies on very broad, general definitions. While it would be easier to interpret if it was more specific, it would quickly become obsolete. Technology specific definitions would also mean it was easier for developers to produce applications that fell outside the strict letter of the law.
For the sake of argument, we'll start with a working definition that says the main features common to all spyware are that it:
- is installed without the user's full knowledge;
- cannot be easily uninstalled or disabled;
- covertly transmits information about the user's activities to a remote host
The next part of our analysis splits spyware into two main camps. First, those applications that are a sub-set of spyware being, malware (malicious code). Malware includes viruses, worms and Trojans. A defining characteristic of malware is that it is intended to cause harm or be otherwise used for criminal purposes.
Examples of spyware in this category are keystroke loggers, password sniffers, spam launchers, remote access tools (RATs) and screen capture utilities. We’ll call this "mal-spyware".
Talkback
I use anit virus software,have a firewall and have installed spy-bot. I keep my antivirus sw updated and have installed all the windows patches, including SP2. Spy-bot tells me when I am likely to download a threat, but I find that some of these threats are attached to websites that I could really not do without. For the time being, therefore, I monitor but do not remove, because I am not sure of the possible result. I think I am a reasonably well informed amateur/business user, but no expert. What I need to know, more than the name of the threat, is the type of problem that it may pose, so that I can make an informed decision. How can I find this out?
You have just asked the $64,000 question. Unfortunately, it's extremely difficult to answer.
I would assume that the sites you refer to would not intentionally be spreading malware. However, there is no guarantee that a cracker cannot compromise a site to have it start doing this. The Web server and operating system used by a site can affect its vulnerability. See the "What's that site running" feature on www.netcraft.com to get details. The Apache Web server running on Linux or one of the various flavors of Unix (Solaris, HP-UX, AIX, SunOS, BSD-OS, FreeBSD, NetBSD, and especially OpenBSD) has been more secure than Microsoft IIS running on Windows.
Adware can slow down your system or reduce your operating stability. The article also pointed out that a cracker may be able to compromise an adware program and therefore gain access to your system. Of course, an adware producer is unlikely to call attention to security concerns in a program.
If you have access to a "clean" machine, install your firewall and Spybot on it and go to one of your "must have" Web sites. Tell Spybot and/or your firewall not to allow anything to be downloaded or installed. See if you can still access what you want to on the site. However, I can't guarantee that if your clean machine accesses the site fine without the spyware, you will be able to remove the spyware on your production machine and not have that mess up something else.
I don't know if Spybot tells you what spyware may be installed. If not, try AdAware to find out what is on your machine. Then off to Google to look up program or file names.
Sorry about all the "weasel wording," but there are simply too many relevant things that I do not know. That's the big problem with spyware - not knowing (does it cause problems, is it hostile, is it secure, can I safely remove it, etc.).