CSC 379 SUM2008:Week 3, Group 4
Bundling Malware
Some types of malware are legal, such as ad-ware and spyware that often comes bundled with (frequently free or trial-use) software applications. Examine recent attempts to regulate ad-ware and spyware, and the ethical concerns addressed. What ethical considerations are there in deciding to bundle ad-ware and spyware with software? Is regulation needed?
Bundling
Many freeware and shareware applications have been incuding spyware and ad-ware applications along with thier products. Many of these products include:
- Peer to Peer applications
- Free Email Clients
- Game Downloads
- and many others...
These companies choose to bundle this ad-ware/spyware with their product in order to gain a profit. One bundle that computer users see the most is Internet Explorer toolbars. These toolbars although not malicious, put advertisements and slow down Internet Explorer.
There are more harmful bundles; however, technogoogles recently published an article discussing how imesh, a peer to peer music network, has been using Marketscore. Marketscore diverts the users internet connection through a proxy, this proxy looks at the user’s internet usage and credit information.
Why Bundle?
Software developers bundle with malware in order to gain a profit. There are some developers that do not bundle and simply put out their products out of the goodness of thier hearts. Other developers need the money but do not have enough money to go about advertising their products so they bundle it with malware in order to make a small profit. With this profit, if the developer continues to make software, he/she may now have enough money to go about advertising for thier next product and will not have to bundle it with malware.
Regulation Attempts
Windows has the largest problem with being compromised with spyware and ad-ware. Since it is used by a majority of computer users, spyware and ad-ware code writers target it more than its competitors. To deal with this, windows has a firewall included in its operating system. Windows has also recently released Live OneCare as a subscriptions antivirus and malware removal software. Other companies such as Norton and McAfee have upgraded their antivirus software to help users remove harmful malware.
Government on Malware
Existing U.S. laws that can be used to fight "spyware" are:
The Electronic Communications Privacy Act (ECPA).
The Computer Fraud and Abuse Act.
Title 5 of the Federal Trade Commission.
There is also new legislation, known as the "Spy Act", and its main objective is to protect Internet users against “cybertrespassing” -- namely security and privacy breaches -- brought about by spyware or adware. The Spy Act makes it illegal for non-owners or unathorized users to infiltrate and sabotage a computer used by financial, government, or communications personel. The Spy Act also makes it unlawful for a non-user of a computer to transmit information collection programs to a computer protected under the legislation, unless the program gives notice before executing its collection functions and specifies its functions, or unless the user has already given consent under a previous notification. Infractions for this law are set at a costly three million.
Freeware Removal
There is also freeware that users can download to help remove spyware and ad-ware.
- Spybot Search and Destory Spybot is a free program that users can download to help with removal of harmful spyware.
- Ad-aware Ad-aware is a free program that allows users to search their computers for ad programs, including annoying pop-ups, and remove them.
Ethical Concerns
- Will the average user be aware of the introduction of malware onto their system? -- Many malware/adware programs are installed during other installations where the user might (unintentionally) click through to the next screen without noticing they even have an option.
- Is it ethically correct to include non-desirable software in downloads/installations? -- Companies/organizations include malware to make money or mine data from users without even compensating or notifying them.
- Can users easily remove all traces of malware? -- Certain programs either make it extremely difficult to remove their attached malware or they choose to disable their software once stripped of malware. Both of these situations put users in an undesirable position.
- Who is receiving the information mined by malware programs? -- Companies could go so far as to sell information gathered by malware to other third parties, creating extreme privacy concerns for end-users. As for where and how this information is stored once it has been collected, that's another ethical issue entirely.
Links
Some types of malware are legal, such as ad-ware and spyware that often comes bundled with (frequently free or trial-use) software applications. Examine recent attempts to regulate ad-ware and spyware, and the ethical concerns addressed. What ethical considerations are there in deciding to bundle ad-ware and spyware with software? Is regulation needed?
- http://www.benedelman.org/spyware/
- http://www.microsoft.com/presspass/features/2004/apr04/04-20Spyware.mspx
- http://www.zdnetasia.com/sitemap/?pt=l&dt=prod&id=39001191
- see TA for print article
- http://www.theregister.co.uk/2005/10/06/ms_client_protection/
- http://www.io.com/~cwagner/spyware/old-index.html
- http://www.roughlydrafted.com/2008/04/02/five-factors-shifting-the-future-of-malware-and-platform-security/
- http://www.ecommercetimes.com/story/37297.html
- http://www.pcworld.com/article/118069/spyware_bill_passes_house.html