Spyware
Upcoming SlideShare
Loading in...5
×
 

Spyware

on

  • 146 views

 

Statistics

Views

Total Views
146
Views on SlideShare
146
Embed Views
0

Actions

Likes
0
Downloads
13
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Spyware Spyware Document Transcript

  • Spyware (Tracking of Information,Counteraction,Legal Implication) B.Tech Seminar Report Nupur Roy B111028 Under the Guidance of Prof. Swati Vipsita Department of Information Technology International Institute of Information Technology Bhubaneswar Bhubaneswar – 751003, India January, 2014
  • UNDERTAKING I declare that the work presented in this thesis titled Spyware(Tracking of Information,Counteraction,Legal Implication) , submitted to the Department, International Institute of Information Technology, Bhubaneswar, for the award of the Bachelors of Technology degree in Computer Science and Engineering, is my original work. I have not plagiarized or submitted the same work for the award of any other degree. In case this undertaking is found incorrect, I accept that my degree may be unconditionally withdrawn. 21-January- 2014 IIIT Bhubaneswar Nupur Roy b111028
  • CERTIFICATE Certified that the work contained in the thesis titled Spyware(Tracking of Information,Counteraction,Legal Implication), by Nupur Roy , B111028 has been carried out under my supervision and that this work has not been submitted elsewhere for a degree. 21-January-2014 Prof. Swati Vipsita Department of Computer Science and Engineering IIIT, Bhubaneswar View slide
  • ACKNOWLEDGEMENT The elation and gratification of this seminar will be incomplete without mentioning all the people who helped me to make it possible, whose gratitude and encouragement were invaluable to me. I would like to thank God, almighty, our supreme guide, for bestowing is blessings upon me in my entire endeavor. I express my sincere gratitude to Prof. Swati Vipsita, for his guidance and support and students of my class for their support and suggestions. 21-January-2014 IIIT Bhubaneswar Nupur Roy B111028 View slide
  • Contents Chapters 1. Introduction 2. Overview 3. Motivation 4. Objective 5. About topic • Definition • A brief History • Types of Spyware • Adwares • Difference between Spyware &Virus • Who is spying • How spyware operates • Impact of Spyware • Common spyware forms • Counteractions 1. Basic Remedies 2. How anti-spywares work • Legal Implications 6. Conclusion 7. References Page No
  • List of Figures   Figure 1. Figure one 2. Figure two 3. Figure Three 4. Figure Four 5. Figure five Page
  • Introduction Fears of “Big Brother” became a big topic in the ‘90s. The same idea applied software and computer networks has also brought on just about the same amount of publicity. Only now it is called spyware and consumer misinterpretation and the ease of spreading opinionated ideas on the Internet has created some misunderstandings about the reality of what spyware is. Most people are familiar with only one example of spyware, but there are a variety of other types of software that are also rightly termed spyware. This paper will cover definitions of different forms of software that can be labelled as spyware, why spyware is a threat, and what can be done about it. Spyware is a subject with many legal issues. Gator.com sued the Interactive Advertising Bureau (IAB) last year for IAB’s "unfounded accusations and threats". One of the most popularly identified forms of spyware is adware, which is free software sponsored by advertisements from advertising companies. The idea is that advertising can lower the cost of software, even to the point of being free of charge. But adware could also have tracking functionality to personally customise effective advertisements for individual users. It is this tracking of personal information that has caused distrust among many users towards advertising companies.People’s opinion of the adware form of spyware is generally negative, even though it originally had positive intentions to allow software developers make money while consumers get free software at the same time. But adware is not the only type of software that can potentially track user information. Commercial software is available for people to intentionally track other people’s actions on PCs. Web bugs can be embedded in documents; the FBI uses spyware for their investigations; and some commercially available applications are also known to secretly track user information ‐ 1 ‐   
  • Overview Spyware is one type of malicious software (malware) that collects information from a computing system without your consent. Spyware can capture keystrokes, screenshots, authentication credentials, personal email addresses, web form data, internet usage habits, and other personal information. The data is often delivered to online attackers who sell it to others or use it themselves for marketing or spam or to execute financial crimes or identity theft. This report will cover all the aspects of a spyware beginning the details of a spyware,its type,how hackers use it against the users ,its counteractions and legal implication i.e what laws have been framed to monitor this spywares and use it as a benefit Motivation Real world or cyber world the biggest priority of human have always been security and if one in not secure ,how advance the technology would be it is of no use . Spyware is software used to keep an eye and track the information of user, this information can be anything(personal and highly confidential) hence it is important for the users to be aware of the fact that there may be an add or program running in the background tracking the personal information of user.Apart of trackin information it also degrades the performance of you computer Other types of spyware (Targetsoft, for example) even go to the extent of modifying your system's files to make themselves harder to detect or remove. (Targetsoft modifies the Winsock (Windows Sockets) files. The deletion of the spyware-infected file "inetadpt.dll" will interrupt normal networking usage.) ‐ 2 ‐   
  • According to a study by the National Cyber-Security Alliance, spyware affects 90% of home.Hence inorder to keep oneself protected as much as possible from this spywares one need to be informed about it Objective To Explore more about spywares as malicious software by discussing its various forms,how it operates its good and bad impact, Users need to be the first line of defense in preventing spyware from being loaded. The vast majority of spyware is loaded by the computer user, unknowingly in most cases, but with their compliance. Users must be discouraged from downloading and installing unapproved 3rd party software without consulting their IT personnel and save there system from being crashed and protect there valuable and confidential data loss Definition Steve Gibson of the Gibson Research Corporation defines spyware as follows “Silent background use of an Internet ‘backchannel’ connection MUST BE PRECEDED by a complete and truthful disclosure of proposed backchannel usage, followed by the receipt of explicit, informed, consent for such use. ANY SOFTWARE communicating across the Internet absent these elements is guilty of information theft and is properly and rightfully termed: Spyware.” A brief History The first recorded use of the term spyware occurred on 16 October 1995 in a Usenet post that poked fun at Microsoft's business model.Spyware at first ‐ 3 ‐   
  • denoted software meant for espionage purposes. However, in early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall. Later in 2000, a parent using ZoneAlarm was alerted to the fact that "Reader Rabbit," educational software marketed to children by the Mattel toy company, was surreptitiously sending data back to Mattel.Since then, "spyware" has taken on its present sense. According to a 2005 study by AOL and the National Cyber-Security Alliance, 61 percent of surveyed users' computers were infected with form of spyware. 92 percent of surveyed users with spyware reported that they did not know of its presence, and 91 percent reported that they had not given permission for the installation of the spyware.As of 2006, spyware has become one of the preeminent security threats to computer systems running Microsoft Windows operating systems. Computers on which Internet Explorer (IE) is the primary browser are particularly vulnerable to such attacks, not only because IE is the most widely used, but because its tight integration with Windows allows spyware access to crucial parts of the operating system. Before Internet Explorer 6 SP2 was released as part of Windows XP Service Pack 2, the browser would automatically display an installation window for any ActiveX component that a website wanted to install. The combination of user ignorance about these changes, and the assumption by Internet Explorer that all ActiveX components are benign, helped to spread spyware significantly. Many spyware components would also make use of exploits in JavaScript, Internet Explorer and Windows to install without user knowledge or permission. ‐ 4 ‐   
  • Types of Spyware Spywares are generally of two types Domestic Spyware : software that is usually purchased and installed by computer owners to monitor the Internet behavior on their computer networks. Employers use this software to monitor employee online activities; some family members use domestic spyware to monitor other family members (such as reviewing the content of children’s chat room sessions).A third party can also install domestic spyware without the knowledge of the computer owner. Law enforcement officials have used domestic spyware to monitor suspected criminal activity and criminals have used domestic spyware to siphon personal information from private computers in order to steal assets. Commercial Spyware (also known as adware) : software that companies use to track your Internet browsing activities. Companies that track your online habits often sell this information to marketers who then hit you with targeted advertising—ads that match your browsing interests and would most likely appeal to you.Advertisers are delighted when they acquire such valuable marketing information so easily; in the past marketers had to bribe you to learn your preferences through contests, registration surveys and the like. Those methods of gaining your personal information still exist, but in those cases you have the power to read the fine print to learn the fate of your data and so could choose to consent or refuse. Gaining your preferences by stealth using software spies is far easier and offers a much more complete picture for the marketing industry; as a result, spyware is everywhere ‐ 5 ‐   
  • Adware Adware is advertising-supported software that causes pop-up ads to appear on your screen. Weatherbug is a good example of this.Some adware may be shareware (but not all shareware is adware), and this is not necessarily bad nor hidden. Users are usually given the option to pay for a "registered" or "licensed" copy, which typically eliminates the advertisements, or to use the free copy with some ads. The offensive form of adware is when the advertising is not disclosed to you when you download the software. Other adware programs do not track a user's personal information. Usually, spyware programs send your browsing habits to an adserving company, which then targets advertisements back to you, based upon their measurement of your interests. Kazaa and eXeem are popular programs which incorporate software of this type. A number of software applications are available to help computer users search for and modify adware programs to block the presentation of advertisements and to remove spyware modules. Our recommendations for these appear at the left side of this page.Spyware tends to overlap with adware. Malware describes any software that uses spyware for explicitly illegal purposes. Data collecting programs that are installed with your knowledge are not considered spyware, as long as it is clear what data they collect and with whom they will share it. Unfortunately, a lot of commercial software install secondary programs to collect data or distribute advertisements without properly informing you about these activities. These secondary programs are referred to as barnacles and they can drastically slow down your computer. They are also designed to be difficult to detect and remove from the system.Adware ‐ 6 ‐   
  • Difference between Spyware and Virus Spyware can also closely resemble computer viruses, but with some important differences. Spyware and viruses usually both install without your knowledge or consent, and both degrade your computer's performance.A virus, however, spreads copies of itself to other computers, if it can. Spyware usually does not self-replicate. Spyware relies on persuading gullible users to download and install itself by offering some kind of bait.A typical piece of spyware starts every time your computer boots up (which uses CPU cycles and memory and reducing stability). They run all the time, monitoring your Internet usage and delivering targeted ads to you in popup windows. A virus, by contrast, generally aims to carry a payload of some kind. This may do some damage to the user's system (such as, for example, deleting certain files), may make the machine vulnerable to further attacks by opening up a "back door", or may put the machine under the control of malicious third parties for the purposes of spamming or denial-of-service attacks (this is referred to as a "zombie"). The virus will in almost every case also seek to replicate itself onto other computers. In other words, it functions not only as a parasite, but as an infection as well. Usually, it looks for you address books in Outlook, AOL and other programs and then sends the virus to every address it finds.Spyware generally does not damage your data files; it just wants to observe what you do and send you ads; although this also usually slows down your computer.The virus deliberately tries to damage your computer. In general, neither one can damage the computer hardware itself. In the worst case, you will need to reformat the hard drive, reinstall Windows, reinstall your programs and data from backups. You ARE making backups, right? You should be, at least monthly. All of this can prove expensive in terms of repair costs, lost time and productivity. Often, owners of badly ‐ 7 ‐   
  • spyware-infected systems purchase entire new computers, in the belief that an existing system "has become too slow." Repair technicians who hear complaints about a computer "slowing down" usually suspect spyware infection. Who is Spying? The people who use spyware include Online attackers Marketing organizations Organized crime Trusted insiders Online Attackers Online attackers’ primary interest in spyware is using it to steal personal information for financial crimes such as carding (illicit trafficking in stolen credit card and credit card information) and identity theft, or to sell that information to someone else who then executes more traditional financial crimes. Marketing Organizations Marketing organizations are interested in personal information such as email addresses, online shopping and browsing habits, keywords in search queries, and other personal and trend-related information that can be used to execute marketing campaigns like spam, spim (unsolicited messages received via instant messaging systems), browser popups, home page hijacking (changing the default web address for a user’s browser), and more. ‐ 8 ‐   
  • Spying by a Trusted Insider Trusted insiders include those who have physical access to computer systems for legitimate purposes. Some examples are employees, contractors, temporary workers, and cleaning crews. A trusted insider might be, for example, an employee who uses spyware to collect corporate information that can be sold in the underground economy, used for blackmail, or used to gain access to more valuable information at some later time. Another example of the trusted insider group includes family members or close relations such as spouses or significant others trying to catch inappropriate behavior or infidelity. How Spyware Operates Spyware tracks online activity looking for web sites visited, financial data or identity data such as credit card numbers on screen or entered into form fields, browsing and online purchasing habits, and authentication credentials. When keywords of interest like names of banks, online payment systems, or pornographic web sites are observed, the spyware starts its data collection process. Email Addresses Email addresses can be harvested from an infected user’s computer and marketed for use in spam mailing lists. Common techniques for harvesting email addresses and other contact information includes enumerating email applications’ address books, monitoring incoming and outgoing network packets related to email, and scanning files on the system’s disks for strings that match the format of an email address. ‐ 9 ‐   
  • windows Protected Store Windows contains a service called the Protected Store. Its purpose is to provide encrypted storage for sensitive data. The following are some examples of data that might be in the PStore: Outlook passwords passwords for web sites MSN Explorer passwords IE AutoComplete passwords IE AutoComplete fields digital certificates Even though the PStore is encrypted, access to it is indirectly controlled by the data owner’s login credentials. Since most spyware runs under the security profile of the user who is logged on, spyware can harvest this information. Clipboard Content The system clipboard often contains sensitive information. Some common examples include product registration codes and user credentials that are copied and pasted into login forms. Other information that might be found in the system clipboard buffer includes sections of potentially sensitive data from recently modified documents or personal information about you or your associates that could be used in crimes related to identity theft. The Keys You Press Key logging is one of the first spyware techniques used to capture sensitive data from a system. Both hardware and software key loggers exist. Hardware devices usually slip inline between the keyboard cable and computer. Modern key logging hardware is small and unobtrusive and has even been ‐ 10 ‐   
  • hidden inside the physical keyboard casing, making it almost impossible to detect. One limitation of hardware-based keylogger units is the need for physical access to install and retrieve the device and its data. A more common alternative, and the type present in spyware, is the software key logger. Software key loggers capture keyboard events and record the keystroke data before it is sent to the intended application for processing. Like most other spyware capture technologies, software based keyloggers can turn their capture on or off based on keywords or events. For example, many keyloggers target instant messaging clients, email applications, and web browsers but might ignore other applications that don’t provide the kind of data the attacker is targeting for harvest. Network Traffic Network traffic is another valuable source of data. Data commonly extracted from network captures includes user names, passwords, email messages, and web content. In some cases, entire files can be extracted and reconstructed from the captured streams.the below figure displays ‐ 11 ‐   
  • Figure-1 The below figure shows you a sample adware which a user intentionally or unintentionally downloads Figure-2 This shows you how adwares satisfy the EULA criteria ‐ 12 ‐   
  • Figure-3 Home page of an adware.As it is designed to trap users it look very catchy Figure-4 How the user system gets infected Impact of Spywares Spyware can cause people to lose trust in the reliability of online business transactions. Similar to the problem of counterfeit currency in the physical world, spyware undermines confidence in online economic activity. Consumers’ willingness to participate in online monetary transactions decreases ‐ 13 ‐   
  • for fear of personal financial loss. Vendors lose confidence that the person making the purchase is who they say they are and not actually a criminal using a stolen identity or illicit funds. In efforts to manage the risk, vendors and financial institutions often implement additional verification and other loss prevention programs at increased operational cost. Even when financial organizations cover an individual’s loss from online fraud, these costs plus the overhead required to administer loss prevention programs are eventually passed back to consumers in the form of higher service fees, interest rates, or other price increases on the goods and services consumed. As a result, growth rates in commerce are slowed, costs increase, and demand shrinks. Impact on Computers By monitoring and reporting user activity, spyware consumes system resources as well as network bandwidth. Depending on the number of spyware components loaded on a system and their functionality, users may experience significant performance degradation. Because spyware is not always carefully written and tested, systems infected by it are often found to have reliability problems. Affected applications may crash more frequently or the entire system may become unstable, resulting in potential productivity and data loss. Often, spyware is difficult to remove without detailed knowledge of how it works or by taking drastic measures such as wiping the system clean and starting over. In many cases, verifying the integrity of the system requires the operating system, patches, and applications to be reinstalled. These difficulties, combined with the efforts necessary to recover user data, can take a lot of time. ‐ 14 ‐   
  • Risk of Future Security Incidents The sensitive information collected by spyware often includes authentication credentials that may be used for future access to the infected system. People often use the same username and password for many different systems, so these stolen credentials may be used to access other systems not yet infected. Once access is gained, additional information theft or malware installation can take place. Another way spyware puts systems at future risk is by installing backdoor access mechanisms. These backdoors give the malware operator access to control the system or to command the system to download and run arbitrary applications. Attackers can build vast collections of compromised systems without originally compromising a single system. Common Forms of Spyware Below are examples of some frequently observed forms of spyware and their operating characteristics. Browser session hijacking This class of spyware attempts to modify the user’s browser settings. Hijacking spyware can be installed in various ways, but the intent is to modify the behavior of the browser so the user is directed to sites of the malware author’s choice instead of sites the user might have reached normally. These redirects often lead users to advertisements that earn the hijackers commissions when they are visited. Browser Helper Objects Browser Helper Objects (BHOs) are a feature of Internet Explorer that can be exploited by spyware. They are not always easy to detect.BHOs can access ‐ 15 ‐   
  • files, network resources, and anything else the user who launched Internet Explorer can access. Malicious BHOs can be installed via stand-alone dropper1 malware but are also often installed using the “drive-by install” technique, in which code is installed or requested to be installed simply by the action of a user visiting a malicious or compromised web site. One technology often used in this type of installation is the ActiveX functionality present in Internet Explorer. Depending on system and browser configuration, the installation may take place automatically and be carried out without prompting the user. In cases where there is prompting, information necessary to make an informed decision can be covered with popup windows or other obfuscation techniques such as naming the control “Click yes to download ringtone.” Cookies and Web Bugs Cookies are small pieces of information stored on a user’s system by a web server. During subsequent visits, the web server can retrieve these cookies. Often, cookies are used for storing user authentication, preferences, and other types of user state information. They can be used to track a user across multiple web sites. Web bugs are HTML elements, often in the form of image tags, that retrieve information from a remote web site. While the image may not be visible to the user, the act of making the request can provide information about the user. Web bugs are often embedded in web pages and HTML-enabled email messages. Links are used to track access using previously set cookies or with unique strings embedded in the URL. A typical use of this is to log the successful delivery of messages to a unique email address (a common technique for ‐ 16 ‐   
  • spammers). Once a user has accessed the image, a cookie can also be set and associated with their email address as the beginning of a profile. The cookies can then be used to track portions of the user’s browsing habits. Figure-5:shows you how cookies and web bugs work False Antispyware Tools Applications available on some internet sites advertise themselves as spyware detection or removal tools when in fact they themselves are spyware. Autonomous Spyware As a class, autonomous spyware operates as a separate process or injects itself into other processes running on your system. This type of spyware often starts up when you log onto your computer and can frequently access anything on your system.Because autonomous spyware is simply a malicious application, it can be designed to perform almost any type of spying function. Spyware in this class often includes keyloggers, bots, email and web monitoring tools, packet ‐ 17 ‐   
  • sniffers, and mechanisms that permit the intruder to remotely access and control an infected system. (Droppers are a special kind of malware that deliver other malware to the client they are trying to infect. They usually operate by placing malicious files on the system and then changing the system in some way that allows the newly written malware files to be executed.) Counteractions Basic measures Don’t trust unknown or known high-risk sources When visiting unfamiliar web sites, you should exercise caution. This guideline should also apply to sites you expect to be high risk based on their content. Such sites include those with many popups, constant or required requests to install browser components and other applications, and those with content focused on illegal or questionable topics such as software cracking or hacking. If you have to visit sites of these types, never allow ActiveX controls, browser plug-ins, or other types of applications to be installed on your system. If you are prompted about allowing an installation or about agreeing to terms of some kind, it is a good idea to press ALT-F4 or take other action to close the popup or browser window. Taking any other action, including answering NO to the installation request, could result in malware being installed on your computer. Read the fine print If you decide to install an application obtained on the internet, be sure to read all license or privacy agreements related to the software and the organization the code comes from, and be sure you completely understand the details. Many times, information about monitoring functionality or the vendor’s right to install ‐ 18 ‐   
  • additional software is included in these documents. It may be located near the end of the data or buried in long paragraphs to make it harder to detect. Although the practice of documenting things in ways that make it hard to locate can be misleading, you are ultimately responsible for your own actions. If you see agreements that seem too lengthy or hard to understand, consider this a warning sign that you may want to reconsider installing the application. Pay attention when installing applications Software installation packages sometimes take advantage of a user’s tendency to not pay attention to the details and simply accept the default “checked” options. If the default options are blindly accepted and prompts are ignored, clicking next, next, next may actually be agreeing to the installation of spyware, adware, or other applications that are not desired. Reading instructions and paying attention to what is being agreed to is important to staying safe. Keep your operating system and software up to date Keeping systems and applications current with security–related patches is critical. This includes patching the operating system and all installed applications, especially those related to network and internet activity like browsers, media players, email clients, and news readers. These are very common targets of attack and second only to social engineering as a means of spreading malware. Antivirus and Antispyware Tools : Installing trusted antivirus and antispyware tools and keeping them and their signatures current is an important part of defensive computer security. Browser Settings : Configuring your browser to block active content like ActiveX, Java, scripting, pop-ups, images, and other potentially harmful content can increase online security. While disabling active content features can stop many threats, it also has a tendency to break many modern web sites and ‐ 19 ‐   
  • applications. At the very least, the richness of the browsing experience will be reduced. One browser configuration strategy to manage the risk associated with active content while still enabling trusted sites is the use of Internet Explorer security zones. Using security zones, you can choose preset levels of security. Email Configuration : If you use an email program, you can configure it to send and display email using plain text instead of HTML. This can eliminate most of the risks from embedded script, web bugs, and other HTML-enabled techniques used by attackers. But just as disabling active content in web browsers reduces the functionality of some features, using plain text can reduce the usability of some features. Also, many email clients are now offering the ability to disable scripting and block images until a user takes some action to display them. Starting your Computer Safely : Almost all spyware needs a way to start itself when you are using your computer. Spyware often starts in conjunction with system startup, user login, or when certain applications like an internet browser or other software is launched. How Anti-Spyware Works Anti-spyware programs can combat spyware in two ways: They can provide real-time protection in a manner similar to that of anti-virus protection: they scan all incoming network data for spyware and blocks any threats it detects.Anti-spyware software programs can be used solely for detection and removal of spyware software that has already been installed into the computer. This kind of anti-spyware can often be set to scan on a regular schedule. ‐ 20 ‐   
  • Such programs inspect the contents of the Windows registry, operating system files, and installed programs, and remove files and entries which match a list of known spyware, the software scans disk files at download time, and blocks the activity of components known to represent spyware. In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Earlier versions of anti-spyware programs focused chiefly on detection and removal. Javacool Software's SpywareBlaster, one of the first to offer real-time protection, blocked the installation of ActiveX-based spyware. Like most anti-virus software, many anti-spyware/adware tools require a frequently updated database of threats. As new spyware programs are released, anti-spyware developers discover and evaluate them, adding to the list of known spyware, which allow the software to detect and remove new spyware. As a result, anti-spyware software is of limited usefulness without regular updates. Updates may be installed automatically or manually. A popular generic spyware removal tool used by those that requires a certain degree of expertise is HijackThis, which scans certain areas of the Windows OS where spyware often resides and presents a list with items to delete manually. As most of the items are legitimate windows files/registry entries it is advised for those who are less knowledgeable on this subject to post a HijackThis log on the numerous antispyware sites and let the experts decide what to delete. Legal implication Through copyright, the modification of software is illegal, especially whensoftware developers explicitly forbid it. Thus, by the nature of spyware removal methods in existence, an attempt to remove spyware could also be illegal. ‐ 21 ‐   
  • Current laws are more lenient to spyware than to users. The Digital Millennium Copyright Act, and the Uniform Computer Information Transactions Act has allowed software developers to legally include spyware in their products to protect their intellectual property rights. The Spyware Control and Privacy Protection Act of 2000 only requires that adware companies make their legal statements clear, and allow users the choice of whether or not to install. Failing to do so will result in prosecution as unfair or deceptive acts under the Federal Trade Commission Act. This point of view contrasts with opinion that “the FTC's recent endorsement in its report to Congress of vendor ‘self regulation’ for online profiling doesn't bode well, because it appears to take an opt-out approach where customers must read all the privacy legalese on sites”.The problem with Privacy Statements and End User Licence Agreements (EULA)is that they are extremely long. The licence agreement that is meant to be read before installation for eZula’s TopText iLookup is approximately 6,000 words long. How many users will bother reading that in one go? And considering that these products may wellbe installed for evaluation purposes only, it is a very unreasonable requirement for the user. Not only are Licence Agreements notoriously long, they can contain a lot of legal jargon, and be ambiguous and hard to read. This makes it easy for software vendors to embed clauses about their information tracking so that it can be easy for readers to miss.Software developers often also reserve the right to modify their Licence Agreements and Privacy statements without notice. Gator.com has all the Privacy Statements and End User Licence Agreements for each of its product versions on its website. This may sound impressive, but just by looking at the current version; there is no way of telling whether or not they have previously reviewed their statements and agreements. ‐ 22 ‐   
  • Conclusion The general usage of the term spyware is in substitution of the word adware. It could be that entrepreneurs targeted advertising companies by creating the notion of spyware to make money off paranoid users, though this is just a speculation. Aside from all this excitement over software laden with advertising, genuinely intrusive spyware exist in different forms. It is this form of known, deliberate use of spyware that proves to be most interesting. By law, all these examples of spyware are legal. But the main point people have in objection to such software is that it is unethical.Generally, most ethical ideals are universally accepted, especially in such a rapidly shrinking world. Including monitoring to improve advertisements and reduce prices in adware programs is generally acceptable, as long as the code does not do anything else unexpected. But what if expensive software, that does not require advertising support, contains monitoring functionality also? Microsoft Word and RealJukeBox are just two applications, which have been suspected of unnecessarily tracking user information and actions. In my opinion, such examples are very unethical and uncalled for. As for FBI keyboard tracing and private use, the moral consequences can get quite complicated and both sides of the story (the victims and the spies) have a lot to argue for. Users themselves have to decide whether installing spyware applications is a good idea or not. In the case of deliberately using spyware to track another user’s actions, the decision depends greatly on who is being involved and how serious their motive is. But as for adware, there is no easy way of finding out what information is being passed. There is no reason why gathered data from users could be disguised by the use of encryption. Therefore the user’s choice will come down to how comfortable they are with the information that can potentially be sent through ‐ 23 ‐   
  • spyware.Security issues in spyware cover three of the four types of system security threats as defined by Charles P. Pfleeger Interception, Interruption, and Modification. Users could hack the functionality of adware, or any other form of spyware that uses the Internet, by using a firewall to intercept the sensitive data. Interruption attacks could occur due to system crashes from badly coded adware, and users could also hack adware to modify it so that it cannot function properly. The threats to privacy and security go both ways when users start to turn against spyware.There are many reasons to be cautious of spyware, but instances of people being gravely affected by spyware are rare. In fact, in the course of this research, I have not found any notion or evidence of innocent individuals experiencing the potentially adverse effects of spyware. ‐ 24 ‐   
  • References [1] Gibbs, Mark (2001, May 14). Spying on the Flip Side. Network World,volume 18 (Issue 20), p38, 1 page [2] Post, André (no date). The Dangers of Spyware. Retrieved April 5, 2002,from http://securityresponse.symantec.com/avcenter/reference/danger.of.spyware.pdf, 9pages [3] Wang, Wallace (2000, October). Dealing with Spyware. Boardwatch,volume 14 (issue 10), p192, 2 pages [4] Stevens, Al (2000, October). Shareware, Adware, Spyware. Dr. Dobb’sJournal, volume 25 (issue 10), p123, 5 pages [5] Matthews, William (2002, March 11). FBI Spyware Avoids Scrutiny.Federal Computer Week, volume 16 (issue 6), p34, 1 page [6] Hogan, Kevin (2001, December). Will Spyware Work?. TechnologyReview, volume 104 (issue 10), pp43, 5 pages [7] Ryan, Dan J (2000, August 7). Warding Off PC Spies. Federal ComputerWeek, volume 14 (issue 27), p46, 1 page [8] www.google.com ‐ 25 ‐