
Thoughts on the Consumer Protection Against Computer Spyware Act

by SpywareGuide Staff

California's Senate has passed a spyware bill (Senate Bill SB 1436) that would prevent the installation of "Spyware" on an unsuspecting user's computer.

Reference: http://www.leginfo.ca.gov/pub/bill/sen/sb_1401-1450/sb_1436_bill_20040928_chaptered.html

The problem with this bill centers on the definition of "Spyware". By its current definition:

"Spyware" is an executable computer software program that is installed on a user's computer without the knowledge of a computer user by a computer software manufacturer, computer software controller, or Web site operator, and that does either of the following:

(1) Gathers and transmits to the provider of the computer software, to a third party, or to a remote computer or server any of the following types of information:

(A) The personal information of a user. (e.g. name, address, etc)

(B) Data regarding computer usage, including, but not limited to, which Internet sites are or have been visited by a user.

(2) Operates in a manner that is intended to confuse or mislead the user concerning the identity of the person or entity responsible for the performed functions or content displayed by the computer software.

This is a nice attempt, but trying to regulate this type of technology will prove futile, much like the CAN-SPAM Act was futile in containing the epidemic of spam. Technology moves far faster than legislation. These threats do not change gradually over time; they change at lightning-fast speed.

This bill states that it is unlawful for any person that is not the user of a computer to knowingly install spyware on a user's computer in California without providing that user with a detailed notice of what the software is, how it functions, if and how it collects and uses personal information, and a variety of other information pertaining to the software. The notice will be required prior to the software's "opening download," the placement of the software on the computer by web site, or the software's installation.

Adware makers will argue that their legalese-laden EULAs are adequate notice to the end user, even though I am quite sure most users do not read them or understand the language. Most of the really nasty behavior going on now could be stopped under existing laws that govern fraud, unfair trade practices and computer fraud. What this bill should have done is lay out specific guidelines on what constitutes fair disclosure. I do feel technical solutions are far more elegant, and options like Service Pack 2 will address some of these problems (e.g. the option to never trust a publisher).

If anything, software makers are better served by thoroughly educating their users on how the software works and what it does, and by actually developing a relationship with the end user. This is where the modern-day adware application has miserably failed. You don't see fans rushing to their defense on message boards or forums. You don't see grassroots support for their applications. They have no support because they have... no fans.

The "opening download" is going to cause a lot of problems too. There seems to be a presumption that all software has to be "installed". Many authors have written lightweight, compact programs that are self-standing .exe files. In short, they require no installation on the part of the user, so I am guessing these authors will now need to pop up a EULA each time the program is executed. Another question to ask is how this will impact direct linking. Can a third party link to a software program without providing information about the software download? How can a third party guarantee how a software component will behave? They can't. Does this mean that web sites will have to deploy geographical filters to prevent Californians from downloading certain types of software?

I was glad to see the bill took aim at some of the nastier practices like drive-by downloads, key logging and spyware counterattack software.

(e) Through intentionally deceptive means, remove, disable, or render inoperative security, antispyware, or antivirus software installed on the computer.

In the last two years there has been a hidden but lethal arms race between security software makers and spyware authors. I have seen firsthand software that targets anti-spyware applications, either by trying to remove them or by intentionally breaking their installation. For example, the latest version of Spector, a child monitoring tool, has counterattack and stealth capabilities built in. As always, we have responded in kind with our own defense, and the cycle is perpetuated.

This is going to get even nastier, as some security companies have tried to clean up the act of anti-spyware companies who are no more than fronts for spyware! Are they in violation for disabling or removing a so-called "security application"?

Overall I feel the spirit of the bill is in the right place, but it lacks bite where it is most desperately needed and it adds a lot of burden to legitimate software makers. Nor do I think enforcement will be easy. Many of the most notorious spyware makers, much like their brethren the crafty spammers, don't reside in the United States. Statewide legislation will not check a global problem, and it will only lead to a patchwork of laws that will be just as ineffective.

Unless otherwise noted this article is Copyright © 2021 by FaceTime Communications, Inc. This article may not be resold, reprinted, or redistributed for compensation of any kind without prior written permission from FaceTime Communications, Inc. For reprint or media inquiries please contact us with the phrase "Spyware Guide Articles" in the subject line and we will be happy to assist you. Links to this article from other websites are appreciated and encouraged. Users are also encouraged to utilize our RSS system to provide unique content and extracts for their site.
