Office applications Toolkit

Malware: Do you know your enemy?

Tags:
Spyware

Stefanie Olsen CNET News

Published: 04 Feb 2005 12:30 GMT

Spyware-removal tools are a fairly new commodity from ISPs, but some of the software may confuse people as much as it protects them, critics say.

In one example, EarthLink's Spyware Blocker program notes several different kinds of potentially unwanted software found on a subscriber's PC, including Trojans that can steal personal information. Yet also included on the list are advertising system "cookies" -- bits of code used to monitor people's response to online ads or regulate their frequency. EarthLink itself systematically distributes cookies to keep track of consumers.

Consumer advocates argue that cookies shouldn't be lumped into a bucket with spyware because they're innocuous compared with software designed to steal or corrupt a PC.

"Cookies are so common," said Richard Smith, a privacy and security consultant. "Unless they make it clear that this is not as bad a threat as these other things like keystroke loggers, it gets people worried for no reason."

The debate highlights an ongoing disconnect in an industry charged with fighting malicious software (malware) that can reap all sorts of havoc on people's PC. As the threat of malware has grown, it has become increasingly challenging for ISPs, lawmakers and security experts to pin it down. Part of the trouble is in defining similar software that performs very different functions so that people easily understand the dangers of each.

Labels such as spyware and adware cut a wide swath, with many grey areas that can spark disagreements among software makers, consumers and security experts over legitimate and illegitimate practices. Some anti-spyware software makers are even beginning to allot new categories to describe a wider range of programs.

EarthLink acknowledged its use of cookies, and the Spyware Blocker's detection of them. "Consumers may not know that they are on their PCs. Thus, they fall into the 'spy' category," said company spokesman Jerry Grasso, who added that they can be removed or not at consumers' discretion.

Spyware is commonly thought of as software that's downloaded onto a PC without clearly disclosing all of its functions or obtaining permission from the computer's owner. It typically slips onto a person's machine unnoticed as a scantly disclosed add-on with other popular applications, such as file-sharing software, or via browser security vulnerabilities.

Spyware denies people reasonable control over the application -- the ability to easily uninstall it, for example. And, as its name implies, it typically spies on people while they're surfing the Web. It can collect passwords, bank statements and other personal data, down to the keystroke.

In a more benign form, known as adware, such programs can be used to send ads based on people's interests.

Still, Smith defines spyware as software such as keystroke loggers, used to steal bank information or other sensitive data, or applications designed to literally let one person spy on another, for instance, a husband watching his wife online. Programs used to hijack a person's home page, deliver pornographic pop-ups or re-jig search results can simply be called "sleazeware", Smith said.

Smith said some anti-spyware audits are padding the potential threat to create the impression that they're doing more work than they really are to protect consumers. "Most people will be bothered by programs that mess with search results or change your home page," he said.

"But most advertising network cookies are much more for providing feedback to advertisers about how their ads are performing", and historically that's only been a disappointment to the advertisers, he said.