The Shopify Hacker-Powered Security Story » Get the Report from HackerOne!
Welcome Guest | Sign In
ECommerceTimes.com

Spyware Targeted at Congressional Hearing

By John P. Mello Jr. TechNewsWorld ECT News Network
Nov 20, 2003 6:40 AM PT

A bill to take the "spy" out of spyware got a public hearing before a Congressional subcommittee Wednesday.

Spyware Targeted at Congressional Hearing

The legislation filed by Rep. Mary Bono (R-California) would require spyware purveyors to inform computer users of the presence, nature and function of their applications, as well as seek permission from users before downloading intrusive goods to their computers.

"Unfortunately, consumers regularly and unknowingly download software programs that have the ability to track their every move," Bono told members of the House Commerce, Trade and Consumer Protection Subcommittee of the House Energy and Commerce Committee.

Not Just Annoying

"Consumers are sometimes informed when they download such software," she continued. "However, the notice is often buried in multithousand-word documents that are filled with technical terms and legalese that would confuse even a high-tech expert."

Spyware -- software intended to aid an unauthorized party in obtaining private information from a computer without the computer owner's knowledge -- used to be considered an annoyance, but it has become much more than that.

"The issue of spyware has been around for a long time, but we've noticed that it's becoming increasingly malicious," said Ken Sokol, senior product manager at Clearswift of Bellevue, Washington, a maker of Internet and e-mail filtering software.

Information Stealing

"You're starting to see some very sophisticated capabilities built into these things," he told TechNewsWorld. "Some spyware will sit there and monitor what you're doing at your computer or steal sensitive information about you or your customers."

Until now, spyware has been seen as primarily a consumer problem, but Clearswift issued a white paper on the eve of the Congressional hearing suggesting the malware will create serious trouble for businesses, too.

"[Programs that] have been marketed and sold as corporate security devices and parental control software for kids are finding their way into the hands of hackers and criminals [who aim to] remotely [take] control of a victim's PC to facilitate industrial espionage," Clearswift Threatlab manager Pete Simpson said in a statement.

"Commercial spyware is a serious threat to corporate networks and unless taken seriously, can place personal and corporate confidential information at risk, resulting in identity theft and corporate espionage," he noted.

Silent and Dangerous

The connection between spyware and identity theft was also argued at the Congressional hearing by Roger Thompson, vice president for product development at Carlisle, Pennsylvania-based PestPatrol, maker of an antihacking utility that detects and removes hacker tools, spyware and Trojan horses.

In testimony submitted to the subcommittee, Thompson said: "Spyware is silent. It's invisible to the consumer. It allows criminals to steal from them. It arrives uninvited and unwanted. It has not received the attention needed to warn the unsuspecting of these dangers to their personal and confidential information. And, perhaps worst of all, spyware and similar malware problems rob consumers of the confidence needed to make commerce over the Internet inviting, safe and successful."

This year alone, Thompson noted, his company has received 60,000 incident reports from customers about spyware abuse.

Foggy Policies

PestPatrol, along with Webroot Software, Aluria Software and Lavasoft, have formed a group -- the Consortium of Antispyware Technology (COAST) -- to increase consumer awareness about spyware and its dangers.

The group also is working on a code of acceptable behavior for spyware makers, which is expected to be released in the second quarter of 2004. "There is a place for adware, but there needs to be full disclosure on it," PestPatrol vice president of business development Pete Cafarchio told TechNewsWorld. "It must also be more forthright in its claims of the personal information that it's collecting. Right now, privacy policies can dance all around that issue, and you can be left in a fog."

Creating deportment guidelines for clandestine applications might appear to be a dubious exercise, but Cafarchio said COAST has been approached by some spyware makers that are eager to comply with such standards. By conforming to a code, the vendors believe their software can avoid being tarred with the spyware epithet, Cafarchio explained.

Retaliation Warning

"There are a lot of people who want to do the right thing -- even marketing companies -- but right now there's nothing out there that's clearly defined," he said.

Although some civil liberties groups have voiced objections to spyware legislation, Cafarchio sees some benefits of Rep. Bono's efforts. "It increases awareness, and that's real important," he asserted. "And it serves as a warning to some of the application developers that are pushing the boundaries that people are reaching their limits and they're going to retaliate if something isn't done."


Facebook Twitter LinkedIn Google+ RSS
Freshsales - Your salesforce deserves better CRM
What best describes your attitude toward social networks and politics?
The value of engaging in serious political discourse outweighs the negatives.
Most of the political conversations seem overheated and ignorant.
Social networks provide a lot of very good political information from reliable sources.
Almost every political post I see is skewed or totally fake.
Political interactions on social networks simply mirror those in the real world.
Social networks remove inhibitions, bringing out the worst in people and politics.