* subscribe at http://techPolice.com LIFE IN CYBERSPACE Be Warned: Your Software Is Watching John M; Moran; John Moran covers technology for the Hartford Courant Copyright 2001 Newsday, Inc. Newsday (New York, NY) July 4, 2001 Wednesday ALL EDITIONS Is your software harboring a secret spy? Could be, especially if you've been downloading a lot of freeware or shareware programs. In the growing scramble for revenue, many Internet companies are resorting to what's known as "spyware." Spyware programs-often bundled with other software-are designed to collect statistical and online-usage data, often without the knowledge of the computer user. The data is then reported back to the software maker, generally for advertising purposes. I had heard about spyware programs, but was still shocked to find one running on my home PC. The program, called "WebHancer Customer Companion," arrived stealthily, along with a piece of software I had downloaded to play MIDI, a kind of digital music file. On reinspection, the Web site where I downloaded the MIDI player did mention that WebHancer was bundled inside. That mention was tucked at the bottom of a Web page that appeared only as the software was poised for download. So blame me, at least to some extent, for not reading the fine print, though that hardly qualifies as formal notification. In any case, I quickly installed the MIDI player, blissfully unaware that WebHancer was taking root, virus-like, in my PC at the same time. Fortunately, I'm using a program called ZoneAlarm, free personal firewall software from ZoneLabs (www.zonelabs.com). Generally, this software protects against hackers getting into your computer from the Internet. But it also lets you know what software on your computer is trying to connect out to the Internet. Sure enough, within minutes of having installed the MIDI program, ZoneAlarm is asking me whether I want to grant WebHancer permission to connect to the Internet. "Let what do what?" I asked. In another minute, I found the culprit. Although the uninstall process was relatively quick and painless, the experience was unsettling, to say the least. Actually, as spyware goes, WebHancer is relatively benign. The company has a privacy policy that promises, in part, that it will gather no personally identifiable information. The data gathered from consumers, it says, is used only to measure Internet performance for the benefit of e-commerce sites. But as anyone can see, the Trojan Horse-style technique of bundling one program with another is open to wide-ranging abuse. And indeed, a favorite trick of hackers who want to grab control of someone else's computer is to plant a program there that will respond to external commands. The hacking scenario is relatively rare, but the use of spyware-also known as "adware"-by commercial advertisers is all too common and growing. People should be free to participate in any advertising scheme they like. But they should consciously choose to do so after having been fully and clearly informed about what data is being collected and how it will be used. Most spyware ignores those principles. Sneaky installation procedures, silent data uploads and fine- print disclosures just don't cut it. For more on spyware, check out these Web sites: OptOut at http://grc.com/optout.htm, Counterexploitation at http://cexx.org, The Spyware Infested Software List at www.infoforce.qc.ca/spyware and Spychecker at www.spychecker.com ============================================================ Half.com is the Smartest Place to Buy & Sell your CDs, DVDs Books, & Games! Get killer deals on over 10 million items priced up to 50-90% off. Plus get $5 off your 1st purchase. http://click.topica.com/caaacuMb1dhr0b2EDp2f/half ============================================================ --via http://techPolice.com archive: http://theMezz.com/cybercrime/archive subscribe: [EMAIL PROTECTED] --via http://theMezz.com ==^================================================================ EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2 Or send an email To: [EMAIL PROTECTED] This email was sent to: archive@jab.org T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================