alun
Mon Nov 03 08:53:37 CST 2003
In article <043501c396cd$a2c69050$a601280a@phx.gbl>, "JJ"
<anonymous@discussions.microsoft.com> wrote:
>Is Hotbar adware and spyware? What's the difference
>between the two?
A discussion on adware:
Way back when, people started handing out floppy disks (which really were
floppy) containing software they had written, to friends, neighbours,
colleagues, etc, to show off what they had written, as well as to gain some
prestige. As the Internet and bulletin boards developed, this grew into the
concept of "shareware". Originally, shareware was distributed as full
versions, with a polite request that the recipient pay a more-or-less
nominal fee to the author (certainly less than the hundreds to thousands of
dollars asked for similar software by the big software houses) if the
recipient continued to use the software.
The flaw in this is obvious - a great many people ignored the notice, and
ran the software without paying the author for it. As a result, a lot of
good programs were used far and wide, and their authors were not rewarded,
frequently dying in penury. Okay, not quite, but their programs died before
they had a chance to mature, because the author almost always had to have a
paying job, and that came before adding the next feature to their program.
As a result, some formerly freely available programs got turned over to the
big software companies, who charged hundreds to thousands of dollars for
better versions of the old shareware program, putting it out of the reach of
the users. Other developers chose to 'cripple' their shareware versions, by
reducing features, or putting time limits on the amount of free use you
could have. Of course, that results in people trying to hack out the
restrictions, but that's a topic for another discussion.
In recent years, some developers hit on an even better idea - why not try
sponsorship? Just as the guy in the sporting event bears a few logos on his
shirt, or the television news breaks every so often for commercials, so too
could programmers briefly interrupt their program (usually in terms of
space) with a message from their sponsor.
A great idea, with a couple of major flaws. The advertisers wanted to pay
only small amounts, because they claimed that the programs would only go to
a few people. And they weren't happy about the idea of including a static
logo, because of course advertising campaigns come and go. The answer - the
advertising-supported software (or 'adware') would have to download fresh
adverts every so often, and they would have to log which adverts were
displayed, for how long, to how many users, and which ones were clicked on
to reach the advertisers' web site.
Those of you who have even a slight security bent to you will realise the
problem - the frequent updating of adverts meant that the software had to
have a permanent connection to the Internet while running, and would
constantly be advertising not only commercial content to the user, but
information users might rather hold private ("I'm running XYZ app at IP
address a.b.c.d, and I've been doing it for the last three hours") would be
sent out. And, because the advertisers didn't trust the developers to count
and forward only summary information, that information would be going
straight to the advertisers - the people we least trust with our private
information!
This is where adware crosses into spyware - software that informs a third
party of something about the user - whether that's simply usage information,
or more insidiously, personal information that might be stored in the user's
system. Spyware runs the whole gamut from software that merely establishes
a connection every few minutes to display a new advert (but which thereby
tells the advert provider that a user at a.b.c.d is still online, and still
using the software) all the way up to programs that will search your hard
drive or monitor your keystrokes.
The ideal adware is a program that is entirely funded by one or more
campaigns from the outset, and doesn't monitor usage, and which thus manages
to embed only static commercials in the software. This is almost always the
preserve of software that advertises other software by the same author. A
few companies will produce advertising vehicles with the intent of having
you download them and use them - most often, these are little games. The
earliest example I can remember was a Ford driving simulator, but I'm sure
there were others.
Of course, some developers realised that you didn't actually have to do
something as mundane and profit-threatening as letting your users know what
they were installing. So they installed their little adware / spyware hooks
silently into your system, and while the advertisers received information as
to which developer to reward for passing more 'eyeballs' in their direction,
the users didn't have a clue who to blame, or how to remove the software.
This is when spyware, already a significant threat to privacy, treads into
the world of Trojan Horse software.
At least with some spyware, the installer would tell you what it was going
to log, and what interaction it would have with the advertisers (even if it
was usually buried in the licence agreement, which _nobody_ reads). Most of
the ones that you'll hear discussed lately are of the Trojan Horse variety,
installing without the user's permission or knowledge, and taking active
steps to avoid being found or removed.
I don't know that I need to say this, but here goes: Do not ever purchase
anything from an advert that appears in an unexpected popup window. Do not
click on such a popup window, even if you think you are closing the window.
You will probably get the least chance of being spied upon by pressing
Ctrl-Alt-Del, then the "Task Manager" button(*), to bring up the Task
Mangler, then selecting the Application that is displaying the advert, and
then pressing the "End Task" button.
Then go searching at your favourite search engine (mine's www.google.com)
for hints on what spyware you have installed, and how to remove it.
There - more than you ever wanted to know about adware, spyware, and trojan
horses.
Alun.
~~~~
(*) You can use Ctrl-Shift-Esc to bring the Task Manager straight up, but
Ctrl-Alt-Del is a sequence that you should be able to trust as not being
hijacked.
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at
http://www.wftpd.com or email
1602 Harvest Moon Place | alun@texis.com.
Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.