OT: A few have expressed interest in learning about spyware/adware, I found an article in the Montreal Gazette on Saturday you might find enlightening. Keep in mind, a lot of our very sensitive information is out there on the net, so beware!
Saturday 30 June 2001
Beware of the spy in your PC
Programs can collect data on you, without you knowing they are there
JOHN MORAN
Hartford Courant
Is your computer harbouring a secret spy? Could be, especially if you've been downloading a lot of freeware or shareware programs.
In the growing scramble for revenue, many Internet companies are resorting to what's known as "spyware."
Spyware programs - often bundled with other software - are designed to collect statistical and online-usage data, often without the knowledge of the computer user. Those data are then reported back to the software maker, generally for advertising purposes.
I had heard about spyware programs, but was still shocked to find one running on my PC recently.
The program, called webHancer Customer Companion, arrived stealthily, along with a piece of software that I had downloaded to play MIDI, a kind of digital music file.
On reinspection, the Web site where I downloaded the MIDI player did mention that webHancer was bundled inside. But that mention was tucked at the bottom of a Web page that appeared only as the software was poised for download.
So blame me, at least to some extent, for not reading the fine print. But that still hardly qualifies as formal notification or informed consent.
In any case, I quickly installed the MIDI player, blissfully unaware that webHancer was taking root, virus-like, in my PC at the same time.
Fortunately, I'm using a program called ZoneAlarm, free personal firewall software from ZoneLabs (www.zonelabs.com). Generally, this software protects against hackers getting into your computer from the Internet. But it also lets you know what software on your computer is trying to connect out to the Internet.
Sure enough, within minutes of having installed the MIDI program, ZoneAlarm is asking me whether I want to grant webHancer permission to connect to the Internet.
"Let what do what?" I asked. In another minute, I found the culprit.
Although the uninstall process was relatively quick and painless, the experience was unsettling, to say the least.
Actually, as spyware goes, webHancer is relatively benign. The company has a privacy policy that promises, in part, that it will gather no personally identifiable information. The data gathered from consumers, it says, are used only to measure Internet performance for the benefit of E-commerce sites.
But as anyone can see, the Trojan Horse-style technique of bundling one program with another is open to wide-ranging abuse. And indeed, a favourite trick of hackers who want to grab control of someone else's computer is to plant a program there that will respond to external commands.
The hacking scenario is relatively rare, but the use of spyware - also known as "adware" - by commercial advertisers is common and growing.
People should be free to participate in any advertising scheme they like. But they should consciously choose to do so after having been fully and clearly informed about what data is being collected and how they will be used.
Most spyware ignores those principles. Sneaky installation procedures, silent data uploads and fine-print disclosures just don't cut it.
For more on spyware check out these Web sites:
Opt Out
www.grc.com/optout.htm
Counterexploitation
www.cexx.org
The Spyware Infested Software List
www.infoforce.qc.ca/spyware
Spychecker
www.spychecker.com |
