Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Spyware: An Update

by Brian Foster - Senior Director Product Management, Symantec Client & Host Security - Friday, 21 January 2005.

How big of a problem is spyware?

It’s big enough that the U.S. House of Representatives voted unanimously to stiffen jail sentences for those who use secret surveillance programs to steal credit card numbers or commit other crimes.

Under the bill, known as the Internet Spyware (I-SPY) Prevention Act of 2004, those found guilty of using spyware to commit other crimes would face up to five years in prison on top of their original sentences. Those who use spyware to steal personal information with the intent of misusing it, or use spyware to compromise a computer's defenses, could face up to two years behind bars.

The bill would also apply to those who perpetrate so-called “phishing” attacks -- official-looking email messages that aim to trick people into disclosing their bank-account numbers or other personal information.

In addition, the I-SPY bill allocates $10 million to the Department of Justice to combat spyware and phishing scams.

Two days before the I-SPY vote, House lawmakers approved a separate bill that establishes multimillion-dollar fines for spyware perpetrators. (Some observers predict that the two bills will be combined with a spyware bill that is currently working its way through the Senate.)

A pervasive problem

Antivirus products allow users to protect themselves from a variety of potential software and Internet threats. These include malicious code such as viruses and Trojans, as well as expanded threats, which include spyware, adware, and dialers. While definitions of spyware vary, it’s generally agreed that these programs have the ability to scan systems or monitor activity and relay information to other computers or locations in cyberspace. Among the information that may be actively or passively gathered and disseminated by spyware: passwords, log-in details, account numbers, personal information, individual files or other personal documents. Spyware may also gather and distribute information related to the user’s computer, applications running on the computer, Internet browser usage, or other computing habits.

Many popular file-sharing programs come bundled with spyware. In fact, spyware is embedded in hundreds of programs -- including games, utilities, and media players – that can be downloaded for free from the Internet. Spyware is also how many file-sharing vendors make money while not charging for their products. With these programs, it has been said, you pay with your privacy instead of with money.

For that reason, the Federal Trade Commission has repeatedly warned consumers as well as businesses about the trade-offs involved in shareware. In an alert issued last year, the FTC was unambiguous: “Before you use any file-sharing program, you may want to buy software that can prevent the downloading of spyware or help detect it on your hard drive.”