Spyware cures may cause more harm than good

C/Net News.com ^ | 2/4/2004 | John Borland

[justlurking]

Web surfers battling "spyware" face a new problem: so-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase.

Millions of computers have been hit in recent years by ads and PC-monitoring software that comes bundled with popular free downloads, notably music-swapping programs. The problem has attracted dozens of companies seeking to profit by promising to root out the offending software. But some software makers are exploiting the situation, critics allege, turning demand for antispyware software into a launch pad for new spyware attacks.

A small army of angry Web users has set up a network of Web sites where they post reports of antispyware programs said to prey on consumers by installing offending files. Some of these charges could get a hearing soon, as public-interest group The Center for Democracy & Technology plans to file complaints with the Federal Trade Commission against specific companies.

"If people feel as though their privacy has been violated by a company that claims to be protecting them, that clearly is an unfair and deceptive practice," said Ari Schwartz, an associate director of Washington-based CDT. "You would think that an antispyware company would hold itself up to the highest standards."

The boom in spyware, adware and other PC hijackers has led to increasing calls for regulation from lawmakers, including presidential candidate Sen. John Edwards, D-N.C., and from public-interest groups.

Many software makers have turned to advertising as a way to make money from consumers who are reluctant to purchase programs. The same approach has been taken by some antispyware companies, even though they promise that their products will root out unwanted advertising from others. But the failure of some to disclose their practices has raised the greatest outcry.

Like viruses, adware and spyware programs can sneak into a user's computer hard drive with little or no warning and can hide their tracks in ways that make it difficult for even the most sophisticated computer users to find and permanently delete.

As adware and spyware have spread, demand for applications that clean up infected hard drives has grown, drawing a large group of competitors eager to profit. More than 50 programs claiming to erase adware and spyware are available online, and many of these are offered as free downloads. Several major Internet service providers, including EarthLink and America Online, have also moved to provide spyware-removal applications to their subscribers.

But as these programs proliferate, some software makers face mounting criticism that their products install the very things they promise to defend against. Some antispyware companies have pointed fingers at rivals and have added competing programs to their list of applications that contain adware or spyware. These lists are used to identify and sweep out offending software during antispyware scans.

Keeping track of spyware
One such tool facing allegations of abuse is SpyBan, an antispyware program that has been downloaded some 44,000 times in the last four months, according to Download.com, a software download site owned by CNET Networks, the publisher of News.com. Download.com removed the software this week, noting that SpyBan had failed to disclose and explain all the software components included in its installation, a violation of the Web site's policies.

Numerous competing antispyware companies, including Spybot-Search & Destroy parent PepiMK Software and Sweden-based Kephyr.com, have identified SpyBan as a potential source of unwanted spyware--notably a program listed by many spyware cleaners as Look2Me. Download.com had also independently warned that Look2Me might be installed along with SpyBan.

"I classified SpyBan as a Trojan Horse, since it gives the impression that it will protect your privacy, but does the opposite--installs spyware," alleged Kephyr's Roger Karlsson in an e-mail interview.

A CNET News.com test of SpyBan on Jan. 29 found that the software did remove some adware components but also confirmed that it led to the installation of a file that Spybot and security firm Symantec identified as Look2Me. Symantec lists Look2Me as a spyware application, while its rival PestPatrol defines the same application as an adware program.

"Look2Me is a spyware program that monitors visited Web sites and submits the logged information to a server," Symantec reports on its Web site. According to PestPatrol, Look2Me is categorized as "software that brings ads to your computer. Such ads may or may not be targeted."

Who is SpyBan?

Information and links on SpyBan's Web site disappeared late on Monday, following inquiries from a CNET News.com reporter. An e-mail to a generic "info" address at the SpyBan Web site elicited an initial reply, but the company did not reply to questions about its software.

Prior to going dark, the SpyBan Web site contained no information about its corporate parent, and the domain name database--Whois--that typically contains contact information for companies contained none for SpyBan.

A Look2Me license agreement found on a cached Google Web page identified Minneapolis-based NicTech Networks as the software's "owners/authors."

A trace of SpyBan.net's Web domain name late on Tuesday showed that the site was hosted at the same Internet address as NicTech Networks. The SpyBan e-mail also originated from that IP address. Repeated calls to NicTech were not returned.

A question of trust
The effects of spyware and adware programs vary. Some spyware programs run quietly in the background, sometimes capturing what a computer user types or what Web sites are visited. Some of these applications, which are called keystroke loggers, are so potent that they can record user names and passwords for the most closely guarded Web sites, including online banks.

Far more common are "adware" programs, which can operate unseen in the background. These periodically pop up windows with advertisements, change a Web browser's home page, install unwanted search toolbars or add bookmarks to a browser. Many of these software programs track Web surfers' habits online and send the data to their parent companies.

Security experts say it is difficult to keep up with spyware programs, which constantly shift their way of working inside a computer to evade detection and which generally contain many times more programming instructions than an average virus. The confusion is underscored by differences in how security firms describe specific programs.

"I doubt anyone knows precisely what these things do, apart from the authors," PestPatrol researcher Roger Thompson said. "They are really complex. Viruses are easy compared to these things."

There is little doubt that millions of PCs have been infected with spyware and adware programs.

A recent unscientific EarthLink survey gives some indication of the spread of the problems. The company offered its subscribers a free online spyware-scanning tool, similar to an antivirus scan program. In the course of 426,500 scans, EarthLink found more than 2 million adware files installed and more than 9 million "adware cookies"--a type of cookie that tracks people's surfing habits.

A few independent antispyware companies, such as Lavasoft's Ad-Aware and Spybot, have been around long enough and have been used by enough people to have gained a reputation as safe.

For the most part, Net experts warn consumers simply to be careful, to make sure that they trust the source of any software they install on their computers and to contact authorities such as the Federal Trade Commission if they think that their privacy has been violated.

"My first advice, if you get spam advertising a piece of software: You should really think twice before downloading that program," the CDT's Schwartz said.

[Salvation]

Thanks for posting this.

[N3WBI3]

But again windows has to be set up that way and when it is it is just as dificult to use as Linux. Also Linux and OSX make sure you know if something is being installed scripting on Windows makes it (in many cases) transparent.

[justlurking]

The so-called "drive-by downloads" are what causes a lot of it, but also trojans inside screensavers and wallpaper downloads. I'm about ready to ban those and lock down the desktops.

If they can install software, you will constantly battle this problem.

Take all privileges (to install software, change settings, etc.) from the default user.

[Salvation]

I didn't know this was free. Thanks!

[discostu]

Yeah that's the ticket.

Actually that's kind of what I do with my work desktop machine. Get it all tweaked and do my best to never install anything again. Anything I need for a one shot use I install on a test machine, I don't care what spyware or anything else lands on a test machine it'll be scrubbed in under a week anyway.

[tcuoohjohn]

Firewalls and AV will do nothing to combat adware. Adware is not a trojan or virus. It is a program like any other and you "voluntarily" download it..

[discostu]

No it's not. Linux presents complications to the average user much deeper than security. Windows will configure most of your hardware automatically, as long as the stuff is older than the OS you probably won't even have to remember what the hardware is to tell Windows, Windows will spot it, figure out what it is and load the drivers during install.

Oh I'm sure there's a way to make your installs silent on Linux and OSX, do you approve every single file that gets laid down?

[per loin]

No, but it is highly recommended that they hire a 3rd party bodyguard or purchase a 3rd party firearm.

I'm unsure what a 3rd party firearm might be. Carrying two is sufficient for most parties that I attend. But another solution is to have a government that arrests and imprisons muggers.

[hunter112]

And if 95% of people used Linux/Mozilla, spyware writers, virus writers, etc. would target them! Yes, it might be easier to mess with Microsoft products, mainly because so many have tried and been successful, the knowledge is out there because so many have it. No OS is absolutely invulnerable, just like your house, you have to use multiple levels of security to make yourself a harder target than your neighbor.

[N3WBI3]

Umm I just installed fedora on my old pII 400 (redhat 9 is on my dell P4). After installing on the old computer I found a new burner drive plugged it in and it worked without any configuration. The fact is moder Linux distributions handle hardware just as easily as widows the only are they are really weak in is bleeding edge video cards (a few month delay). My camera, printer, scanner, HD and dvdrom all worked right out of the box on Linux..

The hell of having to deal with libraries was more than four years ago Redhat/Suse/and Mandrake have all packaged in the hardware support..

And on a unix system other than being the root user you can not do a transparent install! You can install plugins and the like in your home directory but they are not system wide (if a kid installs something stupid it will not affect your account).

[Space Wrangler]

bookmark for later perusal.

[Hunble]

Never, in my 30 years of working with computers, have I ever had a problem that did not involve the installation of new software.

Each and every time, I could always trace the problem back to new software being installed.

Ah, the good old days of the Altair 8800 with the front toggle switches. Even if an evil programmer did try to sabotage my computer, it would take him days to finger in the software code.

As long as nobody touched any of the front switches, that computer ran great.

[mlbford2]

Dude, can I store my gold bars in your computer? lol

[N3WBI3]

SO if tomorrow everyone started to drive volvo's they would be just as dangerous in a head on as a dodge neon? Sometimes the design matters..

[discostu]

Good for Linux. It's about time. If you're using both Linux and Windows then you already KNOW it takes a lot more knowledge to run a Linux box than a Windows box. Linux is expert friendly, Windows is moron friendly. That's their claims to fame.

[discostu]

Yep. That's the time when you introduce change. Change is bad. That's why I avoid it. Except on my home machine where I really don't care, I have a safe zone for everything that's important everything else can be sacrificed.

[N3WBI3]

but a moron friendly windows box allows for viruses, adwarem ... To make a widows box secure no need to be every bit the expert that one would have to be on a Linux box. I suggest you try Fedora, it is just as easy to install and use as Windows..

[discostu]

A secure Windows box is easy to create, during the install XP asks you if you want to make any more users, say yes, make one, give it the lowest level of permissions, use that user. Real simple.

Why would I try Fedora? Can you play Madden 2004 on Fedora and get support from EA Sports if something doesn't? Until that's the case there's no reason at all for me to try anything but Windows. I'm not a tweaker, I'm not a bleeding edge experimenter, at home I surf the web play games and update my resume. Windows does all three of those things exactly to my specifications.

[Joe Hadenuf]

Isn't there a way to clean caches manually? If so, whats the best way. Thanks.

[N3WBI3]

Well your right there are far more games available for windows than Linux. But linux requires no tweaking to do anything, either a game is supported or its not. Fedora out of the box can do 99% of what users need (guess what most people play madded on a psII/xbox/gamecube)...

I offered a suggestion if you wish to remain ignorant and make statements like Linux does not support hardware without tweaking' be my guess they say its bliss..