by AVIEN - Wednesday, 02 November 2005.
Over the past several years, software termed SpyWare has invaded personal computers world-wide and caused increasing problems for users and organizations alike. Members of AVIEN
(Anti-Virus Information Exchange Network) take this threat seriously and call upon all parties involved, including vendors of security software, leaders in organizations, and government officials alike to increase their dedication to fighting this problem.Spyware acts in a variety of ways, including leaving backdoors into computer systems for data theft, system exploitation and malicious utilization, installing software bots and zombies that can be remote controlled and often used for Spamming activities. In all cases, the principle at stake is that users need to be able to manage the software on their systems in the way most suitable for them.While the software companies that produce spyware may make claims about the legitimacy of their products, and point to the End User License Agreements as evidence that the user accepted the installation of the software, the fact remains that it is a rare case that this software will display a clear and unmistakable indication of the intended actions of the software. Burying intentions in the middle of long legalese is not the same as having a screen pop up and ask the user to agree with the software sending his personal information to someone else, to installing software that will give control of his machine to others, etc etc.Furthermore, if a user changes his mind about any software that has been installed on his system, regardless of the category it might fall into, tools should be available to allow the total removal of that software and any components it installed. Spyware, by its very nature, often consists of parts which are not only hard to detect for the average user, but also can be installed in a manner which makes its removal more difficult than normal. Legislators can also take an active role, defining what sorts of actions by software need to be openly declared and explicitly agreed to by users.According to a recent presentation at a security conference, in 2000 approximately 70% of signatures for malware added to a vendor's database was for detecting self-replicating threats (typically viruses). By 2004, this ratio had changed dramatically, with self-replicating threats only representing slightly less than 20% of the new threats with the rest comprised of malicious software that included spyware.AVIEN member Robert Kinsey comments on security software vendor's response to the problem "I would say the vendors are sorely lagging in their responsiveness to this threat and are only now beginning to incorporate spyware/adware detections in their main desktop Anti-Virus tools. Spyware is poised to match other malware in its pervasive choke-hold on computer users because spyware uses the computer user as its vector. Clearly the biggest problem with many spyware is not just that it gets on a system simply by visiting an unscrupulous web site but the seeming lack of self- control on the part of the companies employing spyware to dig as much data about a user or their system to include account info and passwords. These web sites are making it so that simply browsing what should be a free resource of information is becoming just as much a threat as any other malware attachment or internet-aware attack.