It's the new bad guy in the government's bull's-eye.
Spyware, software that collects personal information about Web-surfing habits or application usage, is a growing concern. Opponents say the software violates privacy rights and can bog down Internet and computer performance. At its worst, spyware can usurp private information, including passwords and banking information.
The Federal Trade Commission is taking notice; it's holding a full-day workshop in Washington on the topic Monday.
Spyware typically is installed on a user's computer without his or her consent. Or, if a software maker is up-front about its presence, the fact that it exists is so deeply embedded in the software license agreement that most users don't know they've agreed to be watched when they click "I Agree."
What most people call spyware today is actually adware--small applications installed on PCs from Web sites or peer-to-peer file-sharing programs to track a user's interests and Web-surfing habits. The software is used to display targeted advertisements. But the FTC is concerned that hackers may start using the technology to steal personal information, such as bank account and Social Security numbers, to conduct fraud and identity theft.
There may be something to be concerned about. Last week, EarthLink and desktop privacy and security company Webroot Software Inc. released a survey of 1 million Internet users. They found that those systems averaged 28 spyware applications each. Of the 29 million spyware applications they spotted, the majority were largely benign-but-annoying adware. More disturbing, they found more than 300,000 programs running on the 1 million systems surveyed designed to steal personal information and even potentially give attackers access to users' systems.
The survey also found more than 30% of all systems scanned were infected with Trojan horses or system-monitoring applications.
Experts say the explosion in malicious code infections isn't just about Internet worms and E-mail mass-mailer viruses anymore. A big part of the problem is the number of people using popular file-sharing networks. Late last year, Bruce Hughes, director of malicious-code research at TruSecure Corp.'s ICSA Labs, conducted an experiment on these types of malicious apps residing where file-sharers dare to tread.
Hughes set up a crawler program on Kazaa and other peer-to-peer networks, scanning for popular file types using keywords such as sex and antivirus. Hughes says 45% of the files he downloaded contained malicious applications. "If you're downloading files from these networks, you're going to get infected with something," he warned.
The FTC workshop will focus on defining spyware and how it differs from adware; how spyware is distributed, and how peer-to-peer file-sharing networks contribute to spyware infections; how spyware affects both privacy and the performance impact on infected systems; and how government, consumers, and the IT industry can best combat spyware.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.