Good intentions but ultimately ineffective?

TheMSsForum.com: The Microsoft Software Forum

Calif. Bill Requires 'Spyware' Notice

May 18, 10:16 PM (ET)

SACRAMENTO, Calif. (AP) - Consumers would have to be told
before information-reporting "spyware" was added to their
computers if legislation approved Tuesday by the
California Senate becomes law. The measure by Sen. Kevin
Murray, a Democrat, was sent to the Assembly by a 36-2
vote.

Murray said consumers can unknowingly add the spyware to
their computer systems when they buy software.

"These programs track what Web sites you visit, may steal
your passwords, access your financial information, log
your keystrokes, bombard you with pop-ups, track your
purchases and remotely report your activity and personal
information to a third party," Murray said.

Republican Sen. Jim Battin said the spyware problem needed
to be addressed on a national level, but action by
California lawmakers would be a "good start."
___________________________________________________________

Good intentions but ultimately ineffective, right? How
does this put an end to the really bad malware out there,
like hijack browsers, keyloggers, etc.?

A good start indeed, but I compare this to only putting a
Band-Aid on a severe bullet wound.
Top

Re: Good intentions but ultimately ineffective? by N

N
Wed May 19 04:01:09 CDT 2004

In article <edc401c43d5c$31cc61a0$a401280a@phx.gbl>,
anonymous@discussions.microsoft.com says...

> Good intentions but ultimately ineffective, right? How
> does this put an end to the really bad malware out there,
> like hijack browsers, keyloggers, etc.?

Actually, I suspect that most scumware already complies with the proposed
law, in that the software does pop up permission requests. Usually in a
sleazy and confusing manner, and not always, necessarily, honoring the
user's choice. A programmer can program the "No" button to silently install
the scumware, after all. And how does the user prove he clicked on the "No"
button?

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
Top

Re: Good intentions but ultimately ineffective? by Robert

Robert
Wed May 19 14:15:52 CDT 2004

Well the people named below are either clueless or in the pay of the spyware
authors, is the only conclusion I can draw from that report.

A lot of spyware already "asks for permission" because when you install the
utility that includes it, the licence file which nobody reads also includes
a note to say that if you agree to install the main bit of software you also
agree to install the leech scumware attatched to it.

So, if you install Kazaa, for example, you *agree* to installing the
scumware that comes with it; it is on your computer because you said it was
ok for it to be there.

So... what was the point of the proposed bill again?

Like you said, good intentions (perhaps) but ultimately ineffective.

Wondering wrote:
> Calif. Bill Requires 'Spyware' Notice
>
> May 18, 10:16 PM (ET)
>
> SACRAMENTO, Calif. (AP) - Consumers would have to be told
> before information-reporting "spyware" was added to their
> computers if legislation approved Tuesday by the
> California Senate becomes law. The measure by Sen. Kevin
> Murray, a Democrat, was sent to the Assembly by a 36-2
> vote.
>
> Murray said consumers can unknowingly add the spyware to
> their computer systems when they buy software.
>
> "These programs track what Web sites you visit, may steal
> your passwords, access your financial information, log
> your keystrokes, bombard you with pop-ups, track your
> purchases and remotely report your activity and personal
> information to a third party," Murray said.
>
> Republican Sen. Jim Battin said the spyware problem needed
> to be addressed on a national level, but action by
> California lawmakers would be a "good start."
> ___________________________________________________________
>
> Good intentions but ultimately ineffective, right? How
> does this put an end to the really bad malware out there,
> like hijack browsers, keyloggers, etc.?
>
> A good start indeed, but I compare this to only putting a
> Band-Aid on a severe bullet wound.


Top

Re: Good intentions but ultimately ineffective? by Kent

Kent
Wed May 19 23:20:40 CDT 2004

Wondering wrote:
> Calif. Bill Requires 'Spyware' Notice
>
> May 18, 10:16 PM (ET)
>
> SACRAMENTO, Calif. (AP) - Consumers would have to be told
> before information-reporting "spyware" was added to their
> computers if legislation approved Tuesday by the
> California Senate becomes law. The measure by Sen. Kevin
> Murray, a Democrat, was sent to the Assembly by a 36-2
> vote.
>
> Republican Sen. Jim Battin said the spyware problem needed
> to be addressed on a national level, but action by
> California lawmakers would be a "good start."
> ___________________________________________________________
>
> Good intentions but ultimately ineffective, right? How
> does this put an end to the really bad malware out there,
> like hijack browsers, keyloggers, etc.?

There is only one way to deal with spyware legislatively and that is to
identify the bad behaviors and then ban them all.

If this bill only bans one of the bad behaviors, then it is a start but
a poor one. Software must not:

1) install itself without permission
2) make itself difficult to remove
3) hide its presence or disguise its intent
4) degrade the security of the computer

Oops, better skip item 4) or else we'll all have to switch to Linux. ;-)

Frankly, the best way to deal with spyware is to remove the
programmability features from IE. That is Microsoft's responsibility.

--
Kent W. England, Microsoft MVP for Windows Security
Top