After Microsoft released their stand-alone spyware protection tool, Symantec follows suit with their own. My concern is, why isn’t this anti-spyware tool a part of the anti-virus tool? Is it really because viruses and spyware are so different that a single piece of software cannot protect against both, or is it that the bottom line of the company would benefit from another much-needed product which the marketplace can take and pay for?
[Via ZDNet UK, UK -]
Spitzer is in the news again. The game in town is "identity theft" and Spitzer is on the ball. According to eWeek, the New York Attorney General is seeking stronger laws against identity theft and computer hacking. New York is the seventh in the United States in per-capita identity theft, so Spitzer’s actions have a reason.
The proposed legislation would allow for security freezes on credit files and boost
protection against companies disclosing Social Security numbers.
Consumers would also receive notice whenever a company shares personal
data with another party and ensure access to profiles compiled by
personal information brokers.
Sounds good, at least a step in the right direction. Too bad not many AGs are in the race for governor next year - we would have had more protection against identity theft.
[Via eWeek -]
Information analyzed by CipherTrust on e-mail collected throughout March and the first half of April from customers worldwide shows that
57% of spam originated from the U.S., down from 86% during June and July last year. This is an interesting trend, especially considering the growing attention paid in the United States to the problem of spam - maybe the lawsuits and the ISPs’ proactive anti-spam efforts are paying off in the US?
"Criminals look for a weaker link, so places like China, or anywhere behind the U.S. in terms of computer literacy, are a
good target," Stanley [CipherTrust's vice president and managing director for Europe,
the Middle East and Africa] said.
Internet-connected computers infected by worms or viruses and under the
control of a hacker, are used to launch denial-of-service attacks, or
send spam or phishing e-mail messages. An average of 157,000 new
zombies are identified each day, and 20% of these are in China,
security company CipherTrust reported this week.
[Via IT Facts -]
How would one distinguish between "spyware" and "researchware?" It’s tricky, as this MSNBC article points out. For example, in a description such as,
It’s just a small download, promoted as a free antivirus program. But
the software is really designed to sit silently on consumers’
computers, watch everything they do online, and send the critical data
back to the program’s creator. The program has swept the Internet in
the last year, with millions of people downloading it.
What would you call software that does the things described above? Probably spyware, at least I would. This is what a company called MarketScore does. MarketScore entices volunteers by offering protection from computer
viruses. In the past, using the name Netsetter, comScore software
promised faster Internet connections. In both cases, by downloading the
software consumers grant comScore permission to redirect all their
Internet traffic through the company’s servers. ComScore then studies
the traffic to develop powerful market research the firm later sells.
It sounds like spyware to me, especially when users are not aware of the presence of the software tracking their browsing and clicking habits. MarketScore argues that their practices are no different from those of Nielsen/NetRatings, which uses user panels to collect data. Although I am not familiar with Nielsen’s business practices, I have a feeling that Nielsen’s users are aware and have consented to being monitored.
Responses to "researchware" vary. Some (a Canadian bank) have started blocking traffic flowing through MarketScore servers. Others are trying to figure out users’ perspective on this - is there informed consent or not? Others defend MarketScore - in exchange for getting a free antivirus program, they agree to allow the "researchware."
More information was released today on the story we reported in March about the theft of customer information from the shoe retailer DSW. It appears that 1.4 million credit cards and close to 100 thousand check transactions were affected. The News.com article does not specifically indicate whether these were unique credit cards, or total transactions, but the number is very high nonetheless.
Another proposal is out there on how to reduce the increasing volume of identity theft. BITS, a non-profit organization of financial institutions that focuses on business and technology issues, has recommended two-factor authentication as the solution.
Two-factor authentication combines the standard username/password combination with a small digital device that randomly generates a code every 60 seconds. The website infrastructure would have the same "random" number engine on its end, so that it knows at any time what number any user’s digital device shows. The user would supply the username, password, and the number shown by the device to gain access to a secure site.
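An added illustration of the scheme described above, not code from BITS, eWeek or any token vendor: it assumes the shared "random number engine" is an HMAC over a per-device secret and the current 60-second time step (the RFC 6238 TOTP construction). The names `device_code` and `SiteVerifier`, the 6-digit length and the sample secret are assumptions made for the example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # the page's "every 60 seconds"
DIGITS = 6          # assumed code length
DEMO_SECRET = b"12345678901234567890"  # constructed sample secret, not a real key


def code_for_step(secret: bytes, step: int) -> str:
    """Code for one 60-second step (HOTP truncation from RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def device_code(secret: bytes, unix_time: int) -> str:
    """What the user's token displays at the given time."""
    return code_for_step(secret, unix_time // STEP_SECONDS)


class SiteVerifier:
    """Server side: holds each user's secret and recomputes the code."""

    def __init__(self, secrets_by_user, drift_steps=1):
        self.secrets = dict(secrets_by_user)
        self.drift = drift_steps        # tolerate small clock skew
        self.last_step = {}             # highest step already used, per user

    def login(self, user, password_ok, submitted, now):
        secret = self.secrets.get(user)
        if secret is None or not password_ok:
            return False
        current = now // STEP_SECONDS
        for step in range(current - self.drift, current + self.drift + 1):
            # Skip steps at or before one already accepted (replay guard).
            if step < 0 or step <= self.last_step.get(user, -1):
                continue
            expected = code_for_step(secret, step)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_step[user] = step
                return True
        return False
```

The number is not random at all: it is predictable to anyone holding the shared secret, which is why the server can recompute it and why that secret store needs protecting as carefully as the passwords.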
The problem is, how do you deploy such an infrastructure if you have little control over your customers and, in many cases, the institution never has physical contact with the user?
"It’s easy to apply two-factor authentication when you have employees
[or a government mandate]," said John Carlson, senior director of BITS, "But it’s a highly different equation
when you deal with customers that can choose between different
[Via eWeek -]
Recent survey on spyware’s impact:
A study by Bigfoot Interactive released
earlier this month revealed that 55 percent of online users said they
had been infected with spyware,
And that number does not include people who have spyware but do not know that they have it.
[Via IT Facts -]
An Australian ISP is temporarily disconnecting PCs infected with trojan viruses. BigPond was required to take this measure after its servers were swamped by malicious traffic coming out of malware-infected PCs a.k.a. "zombies."
In a statement provided to ZDNet Australia, BigPond said it had
stepped up network monitoring to identify infected machines. "Customers
with suspected compromised PCs are being contacted where possible to
encourage them to rectify the issue and if necessary are being
disconnected from the network while the issue is rectified"
Is this a solution to the problem? It is true, many "zombie" PCs will be taken off the Internet, thus limiting the traffic that BigPond’s servers get, including spam, but it will be interesting to see whether unhappy customers turn to someone else for their Internet as a result. A non-technical user who is told that their PC is infected and that their network connection is therefore disconnected is left with few options - one of them is to fork out a large sum of AU$ and hire a "geek" to fix it for them.
Should we allow ISPs to shift the cost of network "cleanup" to their customers?
[Via ZDNet.com.au, Australia -]
A class-action lawsuit against alleged spyware king
DirectRevenue of New York claims that the company has deceptively
downloaded harmful and offensive spyware to unsuspecting users’
computers. The suit alleges that DirectRevenue
"unlawfully used and damaged plaintiffs’ computers to make money for
themselves while willfully disregarding plaintiffs’ rights to use and
enjoy their personal property."
From Lieutenant General Boris Miroshnikov:
"Everyone knows that Russians are good at maths. Our
software writers are the best in the world, that’s why our hackers are
the best in the world."
I am not sure whether I can detect a sense of pride, or distress in this Lieutenant’s comment.
[Via ZDNet -]