News
News
4/19/2004
08:46 AM
50%
50%

FTC Takes Aim At Spyware

It's the new bad guy in the government's bull's-eye.

Spyware, software that collects personal information about Web-surfing habits or application usage, is a growing concern. Opponents say the software violates privacy rights and can bog down Internet and computer performance. At its worst, spyware can usurp private information, including passwords and banking information.

The Federal Trade Commission is taking notice; it's holding a full-day workshop in Washington on the topic Monday.

Spyware typically is installed on a user's computer without his or her consent. Or, if a software maker is up-front about its presence, the fact that it exists is so deeply embedded in the software license agreement that most users don't know they've agreed to be watched when they click "I Agree."

What most people call spyware today is actually adware--small applications installed on PCs from Web sites or peer-to-peer file-sharing programs to track a user's interests and Web-surfing habits. The software is used to display targeted advertisements. But the FTC is concerned that hackers may start using the technology to steal personal information, such as bank account and Social Security numbers, to conduct fraud and identity theft.

There may be something to be concerned about. Last week, EarthLink and desktop privacy and security company Webroot Software Inc. released a survey of 1 million Internet users. They found that those systems averaged 28 spyware applications each. Of the 29 million spyware applications they spotted, the majority were largely benign-but-annoying adware. More disturbing, they found more than 300,000 programs running on the 1 million systems surveyed designed to steal personal information and even potentially give attackers access to users' systems.

The survey also found more than 30% of all systems scanned were infected with Trojan horses or system-monitoring applications.

Experts say the explosion in malicious code infections isn't just about Internet worms and E-mail mass-mailer viruses anymore. A big part of the problem is the number of people using popular file-sharing networks. Late last year, Bruce Hughes, director of malicious-code research at TruSecure Corp.'s ICSA Labs, conducted an experiment on these types of malicious apps residing where file-sharers dare to tread.

Hughes set up a crawler program on Kazaa and other peer-to-peer networks, scanning for popular file types using keywords such as sex and antivirus. Hughes says 45% of the files he downloaded contained malicious applications. "If you're downloading files from these networks, you're going to get infected with something," he warned.

The FTC workshop will focus on defining spyware and how it differs from adware; how spyware is distributed, and how peer-to-peer file-sharing networks contribute to spyware infections; how spyware affects both privacy and the performance impact on infected systems; and how government, consumers, and the IT industry can best combat spyware.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.