Spyware: The Evolution
By: Jesters
In this article I will outline the definition of SpyWare, it's
history, it's original promise and it's present violation of our human
rights. In the past decade and a half the evolution and extreme need for
software has come at great cost, so it's predecessor shareware and freeware
have enabled countless uses to sample, enjoy and even decide to invest in
honest efficient software. From the mass explosion of the Internet came the
ability to spread such software at incredible speed; which was unintended,
therefore increasing the cost of software. Most of today's shareware comes
with ads, giving the programmer the ability to distribute his or her program
at the expense of an advertising company. This newer development of ad-ware
has caused an unprecedented increase in gathering marketing information. The
simplest way to gather marking information was to have the actions of a user
sent to a company to analyze and sell.
What harm can a program do and what
rights dose it violate by sending back harmless information like what
WebPages, music and or videos a person is viewing, buying or sampling? Well
to the multi-billion dollar marking firms it's not unethical, it's good
business! Which I cannot deny, if I was going to sell you something like
books, I would want to see what books were the most popular and market that
book to the fullest. Amazon.com does do this, but with ethical treatment to
it's users. Amazon collects it's own information based on sales, their own
web page views and such, it even groups books so it can advertise these
groups to select users at discount. That's good business, because it's
doesn't take away my right to privacy, because it's using the resources
within it's company to compete rather than to steal my resources to take
advantage of me. SpyWare is an evolution of ad-ware because when a program
wants to take information from you, to send you back a sales pitch, it
violates your right to privacy.
SpyWare thrives on ignorance, people who don't want to read. Read
what you might ask? Install agreements, download instructions, legal
agreements, security updates, news and even web page instructions. The most
important questions are; what is SpyWare and how does it work? If you are
not clear on what SpyWare is let me clarify, it's a program that you have
installed on your computer that takes data based on your actions ( actions
meaning, web pages viewed, media played and such.) and your stored files
(like your music stored on your hard disk, or played by removable disk.). I
know some of you readers are thinking, so what? As long as they're not
hacking me or actually stealing my files then what's wrong? What if someone
walked into your house without your direct permission and went through your
house looking to find out what you purchase. Then sent information to you in
the mail about all these great products you love, of course it sounds great
but it's still my individual right to my privacy. NO piece of paper or click
of a buttons takes away anyone's rights. Just because a person doesn't fully
understand his or her rights doesn't give a company the right to do
unethical business. That's where the government steps in and stops companies
from committing such crimes, but have they? No. Why, because what are they
stealing, only our unspoken privacy, a bunch of information on our computes,
hardly a hefty crime.
Now that you are staring to understand what SpyWare is and how it
came from ad-ware, you can again ask yourself how do I get these programs
that steal my information? Well, it's not that easy to explain because there
are so many levels in which we receive SpyWare. At our current status the
government does not stop companies from producing or distributing this type
of software, so you can get it with a $100 game you just bought. But most
commonly you get it through shareware or freeware, why? Did you ever ask
yourself why you're getting something for free? Why a company built a
program for example; Gator. Gator stores all your online passwords for you,
it's that convenient? This program knows every web page you see and what
level of access you have to this web page because you store your online
passwords with it, a time savor if you will. Well this company is giving you
software that helps you for free, so why shouldn't it take that information
about what you view (again not taking any fiscal file from you) and send it
to a company to be marketed. You might ask yourself how stupid this all
sounds, why would a company care about what I like? Think about it, can you
imagine knowing what online book millions of people are buying? Then make an
add pop-up on everyone's computer that has some kind of SpyWare and offer
that book? It's all about the marketing. Again some of you are asking, so
what? I get that book I always wanted at a really competitive price, yes but
you've also given away your privacy and dignity. If this was true and that's
all they did then it wouldn't bug me about SpyWare, but how do we know how
much information they really have about us? I don't want to be a number in a
huge database because I've downloaded a program that lets certain people see
what I'm doing. That doesn't give me any level of comfort excepting that
they only take information based on what I do. They could read your email,
your files or even open up your computer like a Trojan.
Before I start babbling I would like to clarify the ethics of
this. A person writes a program to collect business data but in the process
it violates a persons right to privacy. How does it violate a persons right,
because NO SpyWare program clearly asks a users permission to accumulate
data from him or her and as we know with any valid contract the details must
be very clear and knowledge to both parties. (You can't put in fine print at
the bottom of mortgage that a bank has the right to go threw your house.) So
how come a program can break that very law that protects millions of people
all over the world, yet not on the Internet? Because most computer users are
computer illiterate, they don't understand what they're doing. The point of
this article is too insure that future users take more interest in what they
do and more importantly what they're computer does. How can a user do this?
1)/ Run a firewall. Firewalls monitor all traffic into and out of a
computer, allowing the user to control the information flowing out. Except
firewalls are somewhat complicated and not every user can use one.
2) Download and run anti-SpyWare software like Ad-Aware
(www.ad-aware.com). Ad-Aware's free anti-SpyWare client finds and notifies
the user of the exploits of SpyWare on his or her computer. Simple to
install and very simple to use. It also auto updates it's file so you stay
on top of new SpyWare.
It's almost impossible to delete and keep clear of SpyWare without
one or both of the tools listed above. My first reason for this is some
software you are going to get in the future is going to be bundled with
SpyWare. (Example: Kaza, Windows Media XP etc..) My second reason is that
you can get SpyWare from viewing web pages because of most users
uncontrolled cookie acceptance. (Like a script or program on a web page that
downloads a program to your computer without you knowing it, WHICH IS
ILLEGAL!) How to stay ahead of the game, well first off read security
updates like HITB or most online news. KNOW your computer, it's like your
car; although you don't need to know everything about it you should know how
to protect yourself, like an alarm (firewall). Also like your car your
computer needs checkups, anti-virus and anti-SpyWare programs MUST BE USED
regularly. Well I hope you understand at least a little about SpyWare from
this article, until next month this is.
1.) MAC Address & ARP Functionality - Resolution
2.) SOTHA #8 - madsaxon
3.) Spyware: The Evolution - JesterS
4.) Demystifying Remote Host - Abhisek Datta
5.) Wireless Security & Hacking - Dr. T
6.) When Code Goes Wrong - DangerDuo
7.) Phone lines, wardialing, laptops & the like - zaxil
8.) The Dangers of SetUID - zaxil
9.) Introduction to Buffer Overflows - Ghost_Rider
