May 4, 2005 4:00 AM PDT

Newsmaker: Spying on the spyware makers

See all Newsmakers
Spying on the spyware makers
Ben Edelman may be spyware's most dangerous enemy.

The 25-year-old researcher has spent years analyzing how spyware and adware programs work and publicizing his findings. That often results in red faces and, occasionally, lawsuit threats from companies like WhenU and Claria, formerly known as Gator.

When testing spyware and adware, Edelman isn't about to sacrifice his own Windows XP computer. So he uses the VMware utility to create a virtual Windows box.

"I infect the hell out of it," he says. "It destroys the infected machine."

A law student at Harvard University, Edelman is also working on a doctoral degree in economics. CNET News.com caught up with him after he spoke at a conference in San Francisco sponsored by News.com's sister site, Download.com.

Q: What got you interested in spyware in the first place?
Edelman: I took a call from the plaintiffs in the Washington Post case against Gator. They thought what Gator was doing was absolutely destructive to the availability of free content on the Web. After all, if advertisers could buy ads from Gator to reach the Washington Post's audience, who would buy ads from The Washington Post?

I happened to think they were right. But the case settled out of court on the eve of trial, so we didn't find out for sure whether Gator's business was legit.

It's absolutely fascinating to watch Symantec and McAfee struggle with this.

How much time have you spent since then on spyware-related topics?
Edelman: It's scary. It's what gets me out of bed in the morning right now, more so than classes, more so than my dissertation research. I probably spend 30 hours a week. It's been nonstop for the past 15 months. Before that, it was quite a bit less intense.

What was the most interesting thing you've discovered?
Edelman: There's just a huge amount of money changing hands here. The biggest, richest American companies are buying advertising through spyware. The biggest, richest venture capital firms are investing in those who make this kind of unwanted software. That's names like American Express, Sprint PCS, Disney, Expedia, Guy Kawasaki's firm.

You're using the word 'spyware.' But you also mean the advertising-based networks with pop-up ads, right?
Edelman: Absolutely right. My claim is that each of the so-called adware networks has obtained installations and is still obtaining installations in ways that offer such poor notice and obtain such limited consent--sometimes none at all--that users can't fairly be said to have consented. If they didn't consent, and their activities are being monitored or transmitted, then that's spying.

Have you ever been threatened by spyware makers or adware makers?
Edelman: Yes. Some vendors have challenged the permissibility of my methods. For example, Gator was awfully angry when I posted a Web service that let any Web site operator see how Gator was targeting their site with competitors' pop-ups. They sent a series of legal papers, complaints, threats to me and my then-bosses at Harvard's Berkman Center.

I seem to remember that you had written some controversial software that tested what one adware program was doing--I think it was WhenU.
Edelman: I can't comment about that.

Ask Jeeves seems to be an above-the-board company. What's your complaint with them?
Edelman: The core problem is Ask Jeeves' installation practices. Sometimes their software gets installed without any notice or

More Newsmakers

CONTINUED:
Page 1 | 2

36 comments

Join the conversation!
Add your comment
spyware or adware
I suggest, a boycott of any company that encourages the use any spyware or ad ware, until they discontinue the practice.
Posted by philip augustine (1 comment )
Reply Link Flag
You could do that
But look at it this way: my computer is practically spotless and free from spyware, adware, and the like. I don't have any toolbars. I scan my computer frequently for viruses and spyware, though I (fortunately enough) come up with nothing most of the time.

I am not the norm.

A vast majority of people have no idea how things like this work. I work with a guy who clicks on every popup. Every single one. When I asked him why he does that, he said that because he thought he had to. The mother of a friend of mine clicks "Yes" to every install request that pops up. She figures she needs them to play the online games that she downloads. For the most part, she does, but those, too, can be riddled with miscellaneous nasties.

It has gotten to the point that the internet and its associated technologies have grown much faster than the general user base can be mass-educated. Without some sense of decency or ethics on the behalf of the advertising corporations, there's no telling what they'll do.
Posted by Christopher Hall (1205 comments )
Link Flag
Breaking the Law!
If someone was to break into your house (computer), and install
cameras (spyware) to monitor your activity, and sell this activity
log to someone (spyware vendors), it would be a felony under all
states and US federal law.

Spyware vendors should be 1) criminally punished for breaking
and entering, unlawful entry, violation of personal privacy laws,
and destruction of private property (computer operations) 2)
civilly punished for loss of productivity loss costs, direct
increased costs in management and administrative costs, as well
as protection and enforcement costs (anti-spyware).

The sooner the lawmakers wake up to this illegal activity, and
make the analogies to current law, we will all be able to start to
crack down on these flagrant criminals in the computer world.

Then again, if your car ran as poorly as MS Windows, there
would be class action suits all over the place against Microsoft,
so I guess we, as a society, have been desensitized to abysmal
respect for our personal rights.

I am glad that my OS X machine is, so far, immune to these
threats....and this is coming from someone that was part of the
original IBM PC development team, circa 1980.
Posted by kirk_rr (10 comments )
Reply Link Flag
It's already illegal.
Technically, it's unauthorized access that can already be prosecuted (criminally) under various statutes. The question is why it isn't being prosecuted.
Posted by sjsobol (115 comments )
Link Flag
It's not quite that easy
If, let say for a free dinner, sign a document that says a marketer can come into your house (install to your PC) and set up some equipment to monitor what your doing (intentionally vague there. Not all spyware is that intrusive), then it is not illegal. A vast majority of the machines I have cleaned of spyware have some P2P music download software on them. Or some other sponsored freeware. For the most part, they had no idea what they were agreeing to, but that does not alter the fact that they said yes.
And if any car ran like any current desktop OS ( what, I can only have an Apple Engine? No road (software) to that destination? The spinning beach ball of death?) , there
would be class action suits all over the place.
Posted by catchall (245 comments )
Link Flag
The problem is. . .
The problem is that, like financial contracts, people DO NOT read the agreement. Then when they get into trouble they complain they did not know what they were getting into. I read the agreements and the freeware that I do have, I registered for was free of spyware. All these companies want is an email address so that they can notify a person of an update to the app. Some of these companies that are spyware free apps are:
ZoneAlarm
Freshdevices
Freshwebmasters
Grisoft
Lavasoft
Search and Destroy
and few others. They require no more then an email address, like it has been cited before, only to notify of updates to their respective software.
Posted by techtype (25 comments )
Reply Link Flag
Not Always
I've been seeing spyware that will install itself appearently through browser security holes. No pop-up warnings or license agreements shown. I've seen one major, well known site that was sporting banner ads that secretly installed spyware.

Staying up to date takes care of it, but still, its not always the users actions leading to the infection.
Posted by (402 comments )
Link Flag
Cnet uses tracking cookies
Interestingly, Cnet uses a bunch of "cookies" to track. The one that is used when reading this article is Advertising.com. Spybot will find 6 instances every time I click on the article "Spying on the spyware makers".

Cnet uses "other" tracking cookies heavily and am considering dropping their news services as I am getting tired of running Spybot and AdAware every time I open a Cnet email.

Warm regards,

Gary
Posted by gary hall (7 comments )
Reply Link Flag
Disable Cookies
Quit being so parinoid and simply disable your cookies. It's not that difficult, ya know.
Posted by aabcdefghij987654321 (1721 comments )
Link Flag
use firefox and adblock
it's not a good idea to disable cookies altogether. you have to use some sort of ad blocking filter to make sure the spy cookies aren't installed on your system every time.

firefox has a add-on called adblock. it will block the ads and the cookies that come with them. you can download it from mozdev. you can also download filters for ad block from here:

<a class="jive-link-external" href="http://www.geocities.com/pierceive/adblock" target="_newWindow">http://www.geocities.com/pierceive/adblock</a>
Posted by (1 comment )
Link Flag
Don't get paranoid about cookies
Cookies aren't going to hurt you. Even the ad networks like advertising.com and doubleclick.com don't do anything more than manage which banner ads you're likely to see--and since you mentally blank them out anyway, what do you care? Cookies *are not* spyware and *aren't* a threat to you or anybody else. Save your paranoia for other more deserving technologies. Most Web sites trying to grasp reader patterns and serve their readers are being driven crazy by visitors who disable their cookies for no good reason.
Posted by mcwong2000 (7 comments )
Link Flag
contracts?
I may be missing the point, but when you click that you agree to something, (or worse, don't get the opportunity) isn't that entering into a contract? If they are targeting kids sites, aren't minors then entering into contracts? If nothing else is illegal in this, isn't it illegal to accept a contract from a minor?
Just wondering.
SC
Posted by sdencar (28 comments )
Reply Link Flag
not illegal
I'm not sure about all states, but I believe in Louisiana it is not illegal to enter into a contract with a minor. It is however, not legally binding. It is basically a voidable contract, and therefore the minor has no obligation to fulfill their end of it.
Posted by (3 comments )
Link Flag
Missing solution?
I agree on disabling cookies being a bad solution.
"leaf" has given good advice but I'd like to modify it a bit:
Follow his instructions to the dot if you don't wish to install SpywareBlaster but that would mean a lot of clicking to accept 1st party cookies all the time.
Instead I'd recommend downloading SpywareBlaster. It's a non-resident application, so it only runs when you update the database (application).
From their site:
- Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
- Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
- Restrict the actions of potentially unwanted sites in Internet Explorer.

After installing it you will not need to make any other cookie settings but I'd recommend blocking the 3rd party cookies anyway.
Posted by -Shao- (7 comments )
Reply Link Flag
Gary Hall
My reply to you about trackers was placed in the wrong branch of this thread. Pls check the root.
Posted by -Shao- (7 comments )
Reply Link Flag
Easy Solution
If you don't want SpyWare or AdWare this is what you need to do
to be protected

1. Windows users must download SP2.
2. Do not install or USE p2p (peer to peer) software. (if you've
used a p2p software then restore your computer with the system
CD/DVD)
3. Don't pirate software (if you didn't buy it then don't use it)
4. Disable Cookies
5. Use a web browser that is not made by Microsoft (Firefox,
Netscape, etc)
6. Don't use AOL or Yahoo (they install a ton of spyware on your
system).
7. Purchase a subscription to private viewing of websites
(anonymous browsing).
8. Purchase the following,
i.) Firewall software (Norton Internet Security)
ii.) AntiVirus software (Norton Internet Security)
iii.) AntiSpyware software (Norton Internet Security and Microsoft
AntiSpyware)
iv.) SPAM Filtering (Norton Internet Security)

and make sure you do not reply to emails that are from people
you do not know. do not download attachments from people you
do not know. if a known contact sends you a file, contact him/
her before you download. many virus's and spyware softwares
disguise the email address they are originating from. Usually
this is done by taking contact details from your addressbook.

If you use a Mac then make sure you are using OS X.

if you need help please contact me at
solutionscompany@mac.com

I consult Windows and Mac's (don't forget Solaris, Linux and
other OS's)

<a class="jive-link-external" href="http://buzzbox411.com/clickthru.php?id=2018825043" target="_newWindow">http://buzzbox411.com/clickthru.php?id=2018825043</a>

Shayaan Siddiqui
Posted by (1 comment )
Reply Link Flag
Item 8 is not the only way to go.
I agree with most of what you have to say - a bit harsh perhaps. Just joking, but you could just unplug the computer and have "Absolute" protection.

I do have an issue or two about Item 8;

Why purchase when you can get excellent products for free. My problem is this, not one product does the job (or all jobs) perfectly and would require one to purchase several products to accomplish the level of protection necessary. That could be expensive.

As for a firewall Zone Alarm is free. ZoneAlarm Pro isn't, but both are equal or superior to Norton's products.

For AntiVirus software one should carefully consider AVG free edition <a class="jive-link-external" href="http://www.grisoft.com" target="_newWindow">http://www.grisoft.com</a>. The forsale version is also very good.

For AntiSpyware software Norton doesn't come close to Ad Aware or Spybot. Both are free and have been rated consistently as the best out there.

I used MS antispyware beta for over a month and removed it from my machine. It never found anything but Spybot and / or Adware would when run after a MS scan. Additionally, I have an issue with their program with mysterious lock-ups that have not reoccurred of removal.

Warm regards,

Gary
Posted by gary hall (7 comments )
Link Flag
Re: Avoiding Spyware
As mentioned, avoid using PC whenever possible. I understand there are times when it is absolutely necessary to use one, but using OS X at home has saved me hours of having to futz with my system and instead actually spending time just using it.
Posted by (1 comment )
Link Flag
Example of CNet tracking & info sale
So, I downloaded an article from one of CNet's sites the other day. *Just* as I finished reading an article I got this lovely piece of email....

Dear Eric,

Thank you for recently downloading an Ektron document on Content Management from CNETs Web site, itpapers.com. We hope you find the information interesting and useful.

If you are thinking about implementing a Content Management Solution (CMS), I encourage you to consider Ektrons CMS400.NET and CMS300. More organizations have deployed Ektron content management solutions and authoring tools than any other in the industry. Thats because we provide feature rich, easy-to-use solutions at a fraction of our competitors costs. And, because were determined to dispel the myth that all content management solutions are difficult to implement and use.

Our solutions enable you to leverage information in new, more powerful ways on Web sites, intranets, extranets and portals. And our new Document Management Solution, DMS400, lets you automate how you create and manage Microsoft Office documents, PDFs, audio and video files and more. Ektrons solutions deliver many competitive advantages, by helping your company:

* Foster teamwork and collaboration by streamlining workflow, task management, version control, content and document approval processes

* Reach new markets and extend your brand to a global audience by making it easy to manage all aspects of multilingual content creation, localization and publishing

* Eliminate IT bottlenecks and empower business users (like Marketing, PR &#38; HR staff) with tools that allow them to quickly and easily create, manage and publish Web content

* Meet compliance mandates and keep government auditors satisfied with a complete solution for managing and tracking processes and procedures.

I would welcome the opportunity to learn about your content and document management strategy and show you how an Ektron solution can help you. One of my team members will follow-up with you shortly to discuss the Ektron solutions in more detail. In the meantime, feel free to drop me a note or visit <a class="jive-link-external" href="http://www.ektron.com/cms400.aspx" target="_newWindow">http://www.ektron.com/cms400.aspx</a> to:

1. Download a no cost, no obligation trial of our content management solution CMS400.NET.
2. Request a personalized demonstration of our CMS, given on the Web at your convenience.
3. Register for one of Ektrons Knowledge Matters Webcasts, online seminars that explore important business topics and the latest content management strategies.

Sincerely,

George Rassias
Vice President of Sales
Grassias@ektron.com
1.866.4.EKTRON
Posted by (2 comments )
Reply Link Flag
correction
Sorry, meant to say "Just as I finished reading THIS article"
Posted by (2 comments )
Link Flag
Lots of bs
I certainly hope you're not consulting in the security area.
Most of your advices are crap. A couple are ok.

1. Windows users must download SP2.

Good advice.
----------
2. Do not install or USE p2p (peer to peer) software.

Total bs. It all depends what protocols/networks you use.
----------
3. Don't pirate software (if you didn't buy it then don't use it)

Also mostly bs, unless it's a company. People earning their living by using a software should definitely buy it. Lots of software developers admit that the spread of their software among home users makes their software more attractive when decisions are made at the company to which software to purchase.
----------
4. Disable Cookies

LOL, try getting any useful work done on the Inet.
----------
5. Use a web browser that is not made by Microsoft (Firefox,
Netscape, etc)

LOL again. That advice is given as a universal solution to security issues. In fact Firefox has had more security issues than IE6 lately and the problems are growing. Read the following and pls check out the links to for.ex. US-CERT (specializing on security issues):
<a class="jive-link-external" href="http://www.informationweek.com/story/showArticle.jhtml?articleID=160900911" target="_newWindow">http://www.informationweek.com/story/showArticle.jhtml?articleID=160900911</a>

If you chose Firefox do it because you want to battle MS dominance on the browser market, not because you've been tricked into believing Firefox being a safe browser. Don't just fall into the current indoctrination.
----------
8. Purchase the following,
i.) Firewall software (Norton Internet Security)
ii.) AntiVirus software (Norton Internet Security)
iii.) AntiSpyware software (Norton Internet Security and Microsoft
AntiSpyware)
iv.) SPAM Filtering (Norton Internet Security)

Any security expert knows that Norton is not a very reliable and secure product. Symantec makes good ghosting software, that's it. They are just great at promoting their products.
If you don't trust me on this I can send you a bunch of virii that Norton products is unable to detect, primarly trojans.
----------

Your email advice is great.

_______________________________________________

In my opinion Gary has got a much better understanding on the products to use. All that's missing is SpywareBlaster.

Since titles seem important I'll inform you that I'm a Systems Engineer with security as one of my major specialities. I'm not saying I'm an expert though. But I've NEVER recieved a virii or been hacked, ever, nor have the companies I've had the responsability for securing their LAN/WAN. I use IDS and I have log alerters so I know no hacking has taken place. I also have all services and ports blocked and only open them when necessary, and many more sec implementations.

(Slack, Mac, Win, BSD, Solaris)
Posted by -Shao- (7 comments )
Reply Link Flag
Security Software Thougths
Well, here's my two cents on this:

1.OS If you're using Windows, you MUST download SP2 and set it up to update itself automatically. I you use a mac you should do the same becuase even tough mac are far less targeted by hackers nad all sort of net crooks they also have security flaws.

BTW I also think windows is bs and macs are good anyways and so are linux based systems.

2. ANTIVIRUS. If you have an older machine DO NOT USE NORTON, it's a memory clog and even toguh it does it's job simply good, it should detect evrything that's there and will be for 20 years given it's memory use :P. For a good Antivrus program, i would recommend one of the european antivirus they're very good and my favorite is AVAST Antivirus it's FREE and way better than avg which i think it's crap, and also has huge sotware design flaws, for example look at the UI it looks like the programas we used in the 90's please...

3. FIREWALL. ZoneAlarm is a very good free alternative. Firewall is a must specially if you have broadband.

4. ANTISPYWARE. Ad-aware and spybot are free and together with spywareblaster make a good protection against these nasty little annoyances. I you're really paranoid then there are commercial products that have more feutures but i think that's just too much.

5. BROWSERS. Mozilla more insecure than IE??? LOL that's the most stupid thing i've ever heard even supposing it were that way we have the same issue that makes macs more secure than PCs which is that attacks are mainly targeted against IE. I also love firefox for other things like tab browsing RSS and so on...

6. SPAM. It's not neccesary at all to buy antispam software if you're a home user if you want a free home email client DO NOT USE OUTLOOK EXPRESS, it's total crap intead use MOZILLA THUNDERBIRD it has a pretty decent junk filter and if you feel like spending $ OUTLOOK is good too. ADVICE: I you don't have spyware and the like nad are not stupid enough to type your email in evry web site or forum in the web you shouldn't have spam in you inbox, for web purposes i use a hotmail account i don't care about.
Posted by (2 comments )
Reply Link Flag
Pirating and P2P
I think someone said pirating software was dangerous, COME ON that's BS, it only hurts the companies pockets is just inmoral to do it because even tough it's illegal no company is going to come to your house and inspect if you have the original software. Even more they think it's good because it helps them to get to the companies these people work for, which is really their main business and where the $$$ come from.

Regarding P2P it's a matter if you use the correct client and networks and if you take the neccesary security measures. In other words common users shouldn't use it, paranois shouldn't nor the faint of the haeart ones. Only fo people who know what they do. Believe me if you know what you you can plenty of useful info and material in P2P networks.
Posted by (2 comments )
Reply Link Flag
Spying on the spyware - DHS/DATA PRIVACY & INTEGRITY ADVISORY COMMITTEE
Note to Ben Edelman... I am with you all the way. If you need an assistant to help debunk the spyware engine, I'm your man. This vicious cycle of the creation, sales &#38; propagation of spyware, then the creation, sales &#38; propagation of anti-spyware is extremely monotonous. Corporations are making big bucks from every angle, and the results of this is failing productivity in the business sector, along with the continually declining consumer confindence in technical products for the home. Spyware hurts everyone. It invades privacy. It costs a lot of money, both directly &#38; indirectly. The residual effects are nothing but negative. One small problem, with the potential for exteme negative effects is the appointment of D. REED FREEMAN, JR from Claria to the Dept of Homeland Security Privacy Advisory Committee. I realize at this point that this is merely speculation, but he will most likely be putting a legalese spin on how the DHS categorizes exactly how they perceive spyware. He will continually put forth a never ending pursuit to make spyware makers look like they are justified in their efforts to exploit every consumer in the USA. This is an unfortunate mistake by the DHS. I have written them a letter/email with my dismayed reaction to his appointment. It is a grave mistake to get his input on the outcome of internet privacy in the years to come. I am outraged &#38; disappointed. At the same time, I am passionate about my feelings regarding the proliferation of spyware, and I will forever be on your side to expose them for what they really are, infectious invaders of consumer internet privacy.
Posted by ericdolson (1 comment )
Reply Link Flag
INFIGHTING! THE ENEMY HAS WON!
"Little Big Ben"

One can't help but notice the Infighting going on through these posts. The enemy has us where it wants us, FIGHTING among ourselves.

Yes, there may or may not be a better operating systems out there. But it's not that simple. A lot of users don't have the finances to deploy a whole new operating system. Are all these people stating they will be glad to help finance new operating systems for everyone with computers running a certain OS? Slowly but surely all these "safe" OS are coming under attack. So that's not the answer.

Yes, there are other browsers out there. But Even the one they say is secure is having problems. What does that tell you? And does every computer user know how to deploy a different browser? So that is not the answer.

Yes, there are various firewalls out there. Every one states it is better than the other. We all know that a software firewall is only as good as the person setting it up. There is no firewall that claims it will stop adware/spyware from being loaded on to a computer. If they blocked everything, you couldn't surf the web. And this is how they, the spys get in, through browser port manipulation. With a reasonably set Firewall, you don't know they are there until they try to transmit to home base. And now most of them wait until you conduct browser activity to spoof their transmissions.

Yes, there are some extremely knowledgeable people in ISP help centers and then there are the not so bright. ISPs are not responsible for protecting your private computer. Every agreement I have ever seen states that your "the users" activity is subject to attack. And it's the responsibility of you to protect you. They promise to provide you connectivity. Most responsible ISPs are now providing free antivirus and firewall protection.

Yes, there are companies we thought we could trust placing spyware/adware on computers. Are they so insecure that they have to resort to invasion of privacy? It certainly lowers our opinion of them. But lashing out at them in chat and article columns serves no useful purpose.

Yes, I too build and repair computers. My statement right up front is; "I will get the junk off. But you must agree in writing to let me install Antivirus/Firewall/Antispyware programs. And You will need more RAM for it to work right." If they don't agree, they walk. You have to remember that the unknowing public gets duped. Because of the price of RAM above 256 MB, they will buy a 256 MB machine that can barely run the OP system, much less any protective software. It's a shame and a disgrace for a company to sell someone a machine with low RAM figures these days. Knowing good and well how bad the internet has become and what the customers will need to protect themselves. You would think education and taking care of the users would start with the seller. What ever happened to satisfied customers?

Yes, we have a lot of problems on the internet. Instead of trying to get everyone to "move over" to our way of thinking, why don't you all let your elected officials know how you feel about the subject of adware/spyware?

And I do agree that this is my private computer and it is based in the U.S....I feel as though my Privacy Act rights are being violated every time I catch some slime bucket trying to download spy/adware to my computer without my knowledge. I feel like my civil rights have been violated because they are dictating that' "I will take their software and I will like it." Now I know what it's like to be told to sit at the back of the bus.

We also have another enemy, Foreign countries that send spy/adware. Even if U.S. companies were policed, what would we do about those that do not fall under U.S. laws?

So this is a big problem, let's work with each other and think of things that can be done to fight the real enemy. And support those trying to make the internet a better place.
Posted by JOSEPHWILSON1952 (4 comments )
Reply Link Flag
adwarespyware
I couldn't agree with you more! I believe the www is like the freeway; it is free alright and one is free to cut others off, speed excessively and otherwise endanger the other free riders! Ever notice how much dishonesty and badness comes out of a free enterprise? Sometimes I wonder if their really are more goats than sheep!
Posted by Edward L. Martineau (1 comment )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.