10 Truths about Spyware :: Site Pro News

the Guru

No one should be too paranoid, but an informed user is a safe user. Spyware has
recently begun cascading into the
computer market at an astonishing rate. Surprisingly there are a lot of
misconceptions about what spyware really is
and how dangerous it can be.


Fact #1: Spyware and Adware are fundamentally different- This is important and often
made confusing by the media
and privacy advocates. Many people have the common misconception that spy software
is made by advertisers to profile
their shopping and surfing habits. This is a false and potentially dangerous
assumption.


This misconception probably stems from the fall of two companies- Radiate and
Conducent. Both of these companies
attempted to sell banner space inside of freeware applications and to share this
revenue with software authors in
exchange for letting them distribute and selling space inside the freeware. This
seemed to be a fair deal but what
they didn't disclose to software authors and didn't tell consumers is that they were
secretly profiling and logging
surfing habits and sending this information back to their servers for analysis.








Conducent and Radiate are no longer functioning, or at least they don't seem to be,
but they left the legacy of
adware paranoia with them. Adware may have spyware-like features, it may profile
shopping habits, it is usually
annoying, has the potential to be a security threat but it is nowhere near the
security threat that real spyware
can be. In short most Adware is not trying to capture your sëcret chats,
e-mails or passwörds. It usually is trying
to entice you to buy something by showing ads, throwing out pop-up windows,
profiling your surfing habits or gathering
broad and general information about you.


Fact #2: Spy software creates dangerous security holes- The latest "rage" among
spyware vendors is the
ability to let the spy remotely connect to the target's computers. We have
identified several spyware
programs opening a default port on the system and using a hard-coded or default,
easy to guess or easy to brute
force password. We have analyzed and carried out simulated attacks in this scenario.
Hackers can use a simple port
scanning tool to scan entire networks and easily penetrate affected machines.


People who have certain remote spyware programs installed on their machines are
literally sitting ducks. Ironically,
in the case of shared-machine spousal spying, the spy has actually opened themselves
up to severe security threats
because they operate on the same machine as the victim. The very same spyware that
was supposed to protect their
children by monitoring their activity is leaving them vulnerable to outside attacks.


Fact #3: Spyware is often illegal- The use of Spyware or key recorders is illegal in
some countries. If you
are thinking about spying on people's computers then think again. It may carry stiff
lëgal penalties, up to and
including prison time. In the U.S. installing a keylogger or spyware on someone's
machine without their permission
carries severe lëgal penalties.








Unfortunately there are virtually no laws currently restricting an employer from
monitoring computers in the
workplace for citizens of the United States. The good news is there is pending
legislation to tighten these rules
focusing on requiring notification of employees if their computer activity is being
monitored. As of today this
disclosure is not required.


Recently The Utah state legislature passed a bill, the Utah Spyware Control Act,
outlawing certain activities in
which most spyware engages. This includes, without first seeking permission from the
owner of the computer, reporting
online behavior, sending information about a user to third parties and creating
pop-up advertisements based on the
context of a web site a person is visiting. Currently this bill is being challenged
by WhenU, a large adware vendor,
on the grounds of limiting frëe speech.


Fact #4: Spyware is common- We know what you might be thinking; spy software seems
rather "James Bondish" and
beyond the reach of average users. This is not so. It is mass-marketed, cheap and
very easy to acquire. You can
find spyware for sale through Internet auctions, via e-mails (often sp@m), and all
over the Web. You can even get
spyware for frëe if you know where to look.


Fact #5: Spyware is easy to install- There are no special technical skills needed to
install these programs.
A teenager can do it and according to reports received by ourselves and other
anti-spyware vendors they sometimes do.
Spy software companies have made it very easy for just about anyone to start spying.
We have documented cases of
children installing spyware on their parent's machines to circumvent parental
control software.








Fact #6: Spyware may be sold under legitïmate pretenses- Many spy programs are
marketed as "child monitoring
systems" when in fact they are bought by employers, spouses, and other individuals
for the sole purpose of gathering
system and personal information without a user's consent. Because of this
"legitimacy" these programs are often
missed by anti-virus software designed to target viruses and trojan horses. Let's be
realistic, spy software makers
know exactly why people are really buying these programs.


We believe parents have a right to monitor there children but if a system is
monitored it should be made clear this
software is in place and the software should give the user adequate warning while it
is in operation. The same holds
true for employers and employees.



Put A Google-Type Ad Box on 7 Search Engines

Your Keywords - Top 10 Placement

All for $12/URL or Less, PLUS

Sign Up Today and Receive FR-E-E Bonus Software




Fact #7: Spies intentionally 'misuse' monitoring software- Established spy software
companies usually ask
purchasers to agree through a EULA (End User License Agreement) not to monitor users
without their knowledge and
consent. You guessed it- most spies have absolutely no intention of letting users
know they are under surveillance.


Fact #8: Spyware software can be detected- Spy software makers will go to great
lengths to convince users
they are 'untraceable' or they cannot be sniffed out by counter-surveillance probes.
While spyware makers often use
very sophisticated counter-detection and stealth technologies the vast majority of
them can be scanned against and
removed. If it is being sold on the commercial market- it can be targeted.


Fact #9: Some commercial spy programs are repurposed 'Trojan horses'- This is sad
but shockingly true. Some
spyware vendors have gone as far as to repurpose old Trojan horse programs found on
technical minded boards and are
selling them as new spy technology. (A Trojan horse is a malicious,
security-breaking program disguised as something
benign.)


Fact#10: Deleting history and computer use logs does nothing against true spyware-
While erasing usage history
is useful to protect your privacy this type of protection is useless if your
activity is being logged or snapshots
are being taken of your computer use. Deleting history, files, cache and cookies
cannot and will not protect you
against the prying eyes of active spies on your machine.


The safest way to remain frëe from spyware is to use one or more anti-spy
programs that actively scan your system
for intrusion and utilities that help inoculate your system from penetration. Good
anti-spy programs will use a
variety of methods for detection including registry scanning, md5 signatures,
digital fingerprints, filesize, CLSID,
windows titles and other traces that spyware leaves on your machine.


Even with anti-spy software programs active, do not develop a false sense of
security. The battle to contain these
programs rages on daily basis with some rogue programs creating over two-hundrend
variants in a single day! One lapse
in security can lead to unwanted infection, so above all- use common sense. Don't
download files from sites you don't
know or trust, don't use P2P file sharing software, do not open e-mail attachments
and be sure you have good
anti-virus and firewall software running at all times.

blobert

Thanks for that, it made for an informative read.

Cake Fiend

Originally posted by the Guru
literally sitting ducks

Completely off-topic, but this made me laugh.



It's a slow morning...

sceptre

Originally posted by Sico
Completely off-topic, but this made me laugh.



It's a slow morning...

I'll bet you literally laughed your arse off.