Joel
Pippin
INLS 187-300
12.01.04
Future Forecast
:::
The same spyware definition is available at many vendors and sites on the web:
“Any product that employs a user's Internet connection in the background without their knowledge or explicit permission, and gathers/transmits info on the user, their machine, or their behavior.”
It includes categories or is known by names such as foistware, malware, crapware, eulaware, scumware, snoopware, pestware, trespassware, and adware. Whatever you call it, spyware is a threat that will not be going away soon. Spyware is rampant and the problem is growing. At this point in time, anyone not using a spyware checker is likely to be home to hundreds of spyware and related bits.
Spyware has been around for years, but not long enough that any investigative research seems to have gone into finding a ‘first instance.’ Certainly Gator was one of the first in my memory. Gator, if memory serves, began in 2000 or 2001 as a tool for automatically entering address, password, and credit card information into websites for users who were too lazy or memory lacking to enter it themselves. I don’t know if Gator became corrupt (and I don’t use that term loosely) after they realized that their product could amalgamate and send the information stored or if it had such sinister plans from the beginning. Read more about the vile entity that began as Gator here. Regardless, Gator was one of the first adware/spyware companies seeking to collect personal information and turn it into cash for themselves. Doubleclick and others followed suit. Saying that it’s a profitable business is quite an understatement.
But I’m blurring the lines a bit. Adware, such as pop-ups or page redirects, is not the the same as spyware that tracks user behavior, redirects POST data, or logs user keystrokes. There’s a reason for the blur, though - and it stems mostly from the complexity of technology. Cookies are part of the blur, and they are mostly benign and are rather useful to life on the Web. However, are cookies that track user behavior across websites for marketing and research purposes adware or spyware? Such debates are what keep not only alternative names for spyware coming, but also keep the first umbrella term of ‘spyware’ the popular generic choice.
Spyware has just begin to hit the radar for the average user in the past year or so. The Internet community has been debating it for several years, but until the average media bloke notices it and gets it to the AP wire, middle America often remains in the dark. I suppose Kazaa is responsible for some of that awareness. A teenager’s parents may overlook filesharing if it doesn’t affect the family computer, but once the computer hard drive is grinding mercilessly throughout the night... or the computer crashes or slows to a crawl... or pop-ups start showing up everywhere... the parents take issue. I have a young cousin who’s filesharing installations did all of the above, and until I cleaned several hundred spyware and adware pieces, they only new that something was wrong – but no virus was showing up in a scan.
Spyware isn’t going anywhere anytime soon. Antivirus companies such as Symantec and Kaspersky are already integrating ‘threat analysis’ checkers that search for spyware components. There will be spinoffs of antivirus products just for spyware, and there will be more bundling of spyware checkers into virus checking software. Personally, I like programs that do a single thing very well rather than those that do many things fairly well. Perhaps viruses and spyware have more in common than I believe they do, but regardless, the antivirus industry is just beginning to figure out how to standardize virus naming – trying, in addition, to coalesce thousands of spyware types and names doesn’t seem like a particularly smart move to me.
Software products like Ad-aware and Spybot Search and Destroy won’t remain free for much longer. A year or two perhaps – But they will either fail to keep up with large software companies who will market the product to the masses in the same vein as antivirus – with fear instead of rationality. Perhaps Microsoft will get in on the game – forcing users to pay for a fix for that which the IE browser is at least partially responsible. I’m trying to be fair, but Active-X is a big part of the problem – one that Microsoft seems incapable or unwilling to fix. And no, I don’t assume the average user is capable of setting up ‘zones’ correctly. Then again,. browsers such as Firefox may become populat enough to iradicate that issue anyway.
I’ve been following spyware as a growing issue since it first started showing up four or five years ago. I had the first version of ad-aware. I read about and deal with spyware issues on a weekly basis. Therefore, I make the above statements with a great deal of confidence that it will come to pass – at least in some version similar to my forcast.
:::