Privacy threats are everyone's problem
January 5, 2004
What every computer user should know about spyware
By Jessica Swesey
A loosely defined collection of computer software known as "spyware" has quickly become the subject of considerable public alarm. Recent bills introduced in Congress are a step in the right direction toward curtailing these hidden self-installed computer applications, but such efforts won't be enough to ward off potential damage, the Center for Democracy and Technology concluded in a new study.
The study, "Ghosts In Our Machines: Background and Policy Proposals on the 'Spyware' Problem," identified the range of applications known as spyware, clarified the core problems raised by these applications and provided tips about how to protect information and computers from spyware.
Real estate brokers and agents need to be aware of these potential threats because their computer systems hold the personal information of hundreds of clients and real estate transactions. The study identifies spyware applications as posing a "significant privacy threat" to users' information and data stored in their computers, as well as larger problems.
"Privacy is one of the major concerns raised by spyware, but the larger issues are transparency and control," the study noted.
Users lose control over their computers because they typically are unaware that spyware programs are installed and often are unable to uninstall them, according to the study. In some cases, these programs can change the appearance of Web sites or alter low-level system settings, causing poor system performance. This result can place a substantial burden on technical support departments, which can cost time and money.
"Users should have control over what programs are installed on their computers and over how their Internet connections are used," the study noted. "A growing body of invasive applications takes away this control."
The study looked at three existing laws that may have relevance to the most extreme cases of spyware, but argued it makes more sense to articulate basic privacy standards to which all programs should be held, rather than try to pin down specific regulations. Many spyware programs obtain user authorization buried deeply within the user agreement so they technically do not break any laws.
"Combating the most invasive of these technologies will require a combination of legislation, anti-spyware tools and self-regulatory policies," the study noted. "More thought needs to be given to spyware as a problem of trespass in addition to as a privacy issue."
Technology measures and user education will also be critical to any spyware solution, according to the study.
Technologies to help deal with spyware invasions are in various stages of development, the study noted. Applications that will search a hard drive for spyware applications and attempt to delete them include AdAware, Spybot Search and Destroy, Spyware Eliminator and BPS Spyware/Adware Remover.
Several groups are working on ways to detect and quarantine spyware programs before they are installed.
The National Association of Realtors in November launched Realtor Secure, a program that aims to certify technology security practices used by MLSs and real estate brokers. The trade group wants to raise security consciousness among its members through the program, which uses third-party security consultants to evaluate system security based on industry best practices.
The study identified three categories of spyware. The first category includes programs that collect information from a user's computer, possibly including such personal information as names and e-mail addresses. An example is nCase, which is produced by 180Solutions. This program is bundled with an array of free products and tracks Web sites viewed once it is installed. The program uses the data it collects to deliver targeted pop-up ads and the vendor sells that data to third parties, according to the study.
"This can compromise both a user's control over his computer and Internet connection and his privacy," the study stated.
The second category consists of programs that hijack the user's computer and Internet connection for their own purposes. An example is Altnet.
The third category includes programs that are used mainly for advertising, but that don't track users. An example is Aureate/Radiate. This type of spyware is unlikely to take control of the user's computer, but it can silently and insecurely download updates without user prompting, according to the study.
Copyright: Inman News Features