Right to Privacy: Sneaky Software

ABSTRACT

 

Computers usually receive spyware bundled as a hidden component in freeware and shareware applications. Through spyware, software companies abuse the trust of computer users. Spyware can steal any information entering or exiting the computer. Advertising Spyware is stealth advertising components that are installed by some shareware products and sometimes legitimately purchased commercial software that may collect personal information from a user’s computer. What can computer users do to protect themselves from spyware?

Right to Privacy: Sneaky Software

            When most people think of an invasion of privacy, they think it occurs when a police officer does not do something correctly during a search. The reality is, we have all invaded someone’s privacy at one time or another through eavesdropping or other means, accidentally or even on purpose. Companies, such as WebHancer, place tracking programs on personal computers, most of the time without the knowledge of the user. According to the New York Web specialist Chris Wenham (2002), “they [these tracking programs] get to work the instant you [the user] begin surfing bugged Web pages, identifying you by an anonymous number at first until you finally blunder into any of the million opportunities – such as ordering a product online – that tie your number and all its cataloged kinks to a name.” We would like to believe none of this is true, but even innocently sounding software, downloaded for a specific purpose, then uninstalled, can remain as a thorn in your pc, otherwise known as sneaky software.

Does File-Sharing Have Double Standards?

            Napster, the most prominent pioneer in the public file-sharing sector, became infamous when Metallica’s drummer, Lars Ulrich, brought suit against the company for aiding users in copyright infringement. Napster was shut down and later reopened as a service where users pay for downloads, instead of freely sharing each other’s files. Soon after Napster’s shutdown, KaZaA became the most popular file-sharing utility. No media giants seemed to mind KaZaA as much Napster.

            KaZaA was known to come bundled with many parasite programs that serve advertisement pop-ups, track Web-surfing activity, and do various other targeted operations. Users didn’t care too much for these tracking programs, but nothing is free, and most people just thought that the aggravation that came with KaZaA was worth the free music, movies, and software.

Early in April 2002, “A company called Brilliant Digital has surreptitiously installed software in computers running KaZaA. Once activated, the software would set up a distributed computing network, allowing Brilliant to hijack the resources of thousands of personal computers to serve the needs of its own customers. Brilliant’s plan is to use the computer processing power generated by the network to serve technologically advanced advertisements and track how users react to those ads” (Wenham, 2002).

Media companies do their best to not allow public file sharing of copyrighted material, but these companies seem to have no problem sharing sensitive personal information among corporate elite. Is it all right for corporations to steal information from users, but not for users to share their own files among themselves? Do corporations invade privacy?

What is Spyware?

Spyware is a program installed on a computer for the sole purpose of finding out what the computer user is doing, along with an ultimate goal of finding out why the user is doing what he or she is doing. Spyware “Collects information from your computer, transmits a unique code to identify you (for tracking purposes), collects/transmits information about your computer use or other habits, installs itself on your computer, keeps reinstalling itself no matter how many times you remove it, and performs other unwholesome duties, all without your knowledge or consent” (Cexx, 2005).

“Spyware is a generic term for software whose purpose is to collect demographic and usage information from your computer, usually for advertising purposes” (Cexx, 2004).  Users usually receive spyware as a hidden component in freeware and shareware applications. Software supported by advertisements is supposed to be a way for users to obtain free software, while allowing the software company to still make money, not from the software, but from the advertisements. Software companies abuse the trust of users. “Several adware [a form of spyware] applications have been known to secretly snoop around areas of you computer they don’t belong, including your browser history” (Cexx, 2004).

Program files end in the extension .exe, short for executable, and are an independent executable program. Spyware exists in the same manner, therefore having the ability to do anything a program can do, including monitoring keystrokes, arbitrarily scanning files on a user’s hard drive, snooping other applications such as Microsoft Word and MSN chat, reading cookies, changing the default homepage, interfacing with Internet Explorer to determine what websites have been visited, and monitoring various aspects of the user’s behavior. The spyware connects to its author every now and then to report what it finds. The author can then use the information for marketing purposes or sell it other companies for a profit. Basically, spyware can steal any information entering or exiting the user’s computer. According to the website, cexx.org, there are many known spyware applications, in many different categories.

Advertising Spyware is stealth advertising components that are installed by some shareware products and sometimes legitimately purchased commercial software that may collect personal information from a user’s computer. Common advertising spyware programs are Aureate/Radiate, which has the file name advert.dll, dssangent.dll, which usually comes along with Mattel/Broderbund software, CyDoor, which comes with many ad-enabled products, including KaZaA, and MSBB.exe or N-Case, which overwrites the wsock32.dll Windows system file and does some nasty damage. I have had all of these on my system at one time or another. They eventually caused my system to crash, and I had to format my drives and reinstall everything, including Windows.

Backdoor Santas are non-stealth freeware and shareware applications that may transmit personal information or expose a user’s computer to attack, under the pretense of providing a useful service. Some Backdoor Santas are Download Demon, Real Download, Netscape Smart Download, Real Jukebox, Alexa, which is the one users get most often, Microsoft Windows Registration Wizard, and, of course, Gator. Gator is the absolute worst. It is supposed to store all personal information, including credit card numbers, in a file in the user’s computer so the user doesn’t have to type all personal information into input boxes again and again. It is more like a giant antenna that leads all other spyware programs right to your computer.

Homepage Hijackers will constantly reset a user’s homepage to where its author wants a user to go, and the user cannot change it back. Examples are passthison.com, which attacks Internet Explorer most in user’s having the operating system Windows 98 SE, mycpworld.com, which is a bogus porn site geared toward people who are looking for pcworld.com, and Bonzi Bubby, a websurfing companion.

Foistware is unwanted application programs that come along, trojan-style, with completely unrelated software, and since they tag along with so many different pieces of third-party software, it is not uncommon to get re-infected with these foistware products again and again.  Some Foistware examples are Gator, AOL Instant Messenger, NewDotNet, and WebHancer.

Spyware can come from private sources as well as corporate sources. A man in Madrid Spain was “arrested on charges of writing a malicious Trojan designed to steal confidential banking information from Web users and take secret video recordings through their webcams” (Jacques, 2005). He had designed the Trojan to spread via peer-to-peer networks like KaZaA. The man was able to steal bank passwords, personal documents, and pictures. He could also activate victims’ webcams whenever he wished.

What Laws Are Being Broken by Spyware

Usually, spyware is targeted toward adults, but how does the spyware know who is sitting at the computer at any given time? United States law prohibits the collection of personal information from children less than 13 years of age without the written permission of the child’s parent or guardian. The U.S. Child Online Privacy Protection Act, or COPPA, could be a legal wall used to manipulate spyware authors into submission.

End-User, or the person who is going to use the software, License Agreements are unethical, to say the least, if not illegal. When a person downloads a program, more times than not, the attached spyware is not mentioned in the license agreement that a user agrees to before installation of the software will take place. If it is disclosed, it is in a round-about way and buried in the middle of a large agreement. Some agreements, such as KaZaA’s, have been known to be 5000 words or better. Visit http://grc.com/oo/fineprint.htm for an excellent article on this subject.

Congress has stepped in with many bills being brought up concerning America’s right to privacy. Most of these bills are geared toward spammers and junk mailers, but spyware is finally getting some recognition. In view of the Patriot Act and the Patriot Act II, one has to wonder if the U.S. government might have started this entire spyware invasion as a means to regulate activities around the world. Adware would have been a perfect front, until 9-11 happened, then no front was needed.

Right to Privacy: Sneaky Software © February 2, 2005