February 2, 2005 4:28 PM PST

Clueless about cookies or spyware?

Spyware-removal tools are a fairly new commodity from Internet service providers, but some of the software may confuse people as much as it protects them, critics say.

In one example, EarthLink's Spyware Blocker program notes several different kinds of potentially unwanted software found on a subscriber's PC, including Trojans that can steal personal information. Yet also included on the list are advertising system "cookies"--bits of code used to monitor people's response to online ads or regulate their frequency. EarthLink itself systematically distributes cookies to keep track of consumers.

Consumer advocates argue that cookies shouldn't be lumped into a bucket with spyware because they're innocuous compared with software designed to steal or corrupt a PC.

"Cookies are so common," said Richard Smith, a privacy and security consultant. "Unless they make it clear that this is not as bad a threat as these other things like keystroke loggers, it gets people worried for no reason."

The debate highlights an ongoing disconnect in an industry charged with fighting malicious software (malware or spyware) that can reap all sorts of havoc on people's PC. As the threat of malware has grown, it has become increasingly challenging for ISPs, lawmakers and security experts to pin it down. Part of the trouble is in defining similar software that performs very different functions so that people easily understand the dangers of each.

Labels such as spyware and adware cut a wide swath, with many gray areas that can spark disagreements among software makers, consumers and security experts over legitimate and illegitimate practices. Some anti-spyware software makers are even beginning to allot new categories to describe a wider range of programs.

EarthLink acknowledged its use of cookies, and the Spyware Blocker's detection of them. "Consumers may not know that they are on their PCs. Thus, they fall into the 'spy' category," said company spokesman Jerry Grasso, who added that they can be removed or not at consumers' discretion.

Spyware is commonly thought of as software that's downloaded onto a PC without clearly disclosing all of its functions or obtaining permission from the computer's owner. It typically slips onto a person's machine unnoticed as a scantly disclosed add-on with other popular applications, such as file-sharing software, or via browser security vulnerabilities.

Spyware denies people reasonable control over the application--the ability to easily uninstall it, for example. And, as its name implies, it typically spies on people while they're surfing the Web. It can collect passwords, bank statements and other personal data, down to the keystroke.

In a more benign form, known as adware, such programs can be used to send ads based on people's interests.

Still, Smith defines spyware as software such as keystroke loggers, used to steal bank information or other sensitive data, or applications designed to literally let one person spy on another, for instance, a husband watching his wife online. Programs used to hijack a person's home page, deliver pornographic pop-ups or rejigger search results can simply be called "sleazeware," Smith said.

Smith said some anti-spyware audits are padding the potential threat to create the impression that they're doing more work than they really are to protect consumers. "Most people will be bothered by programs that mess with search results or change your home page," he said.

"But most advertising network cookies are much more for providing feedback to advertisers about how their ads are performing," and historically that's only been a disappointment to the advertisers, he said.

4 comments

Join the conversation!
Add your comment
Promoting ignorance.....
Come on!

The only way to fix these problems with spyware, adware, viri, worms, etc. is to do something to educate users what things are and how they are. If this becomes too much for a user, then maybe that person should not be online. I want to know who earthlink thinks it is by creating "tracking" cookies for their customers. This idea is insane. This is enough for me to decide NOT to use Earthlink. My ISP does not have the right to access my computer...especially like this.

The truth is....
NOT all cookies are bad. Some cookies are good and helpfull. The problem is that the user does not know the differance. The best thing to do with cookies is do "delete" anything that comes up on any kind of anti-spyware program. Regardless.

Unless you want to completely turn off the ability to download cookies, just delete anything that these programs turn up.

Come on! How hard could this really be?
Posted by Prndll (382 comments )
Reply Link Flag
Promoting ignorance.....
Come on!

The only way to fix these problems with spyware, adware, viri, worms, etc. is to do something to educate users what things are and how they are. If this becomes too much for a user, then maybe that person should not be online. I want to know who earthlink thinks it is by creating "tracking" cookies for their customers. This idea is insane. This is enough for me to decide NOT to use Earthlink. My ISP does not have the right to access my computer...especially like this.

The truth is....
NOT all cookies are bad. Some cookies are good and helpfull. The problem is that the user does not know the differance. The best thing to do with cookies is do "delete" anything that comes up on any kind of anti-spyware program. Regardless.

Unless you want to completely turn off the ability to download cookies, just delete anything that these programs turn up.

Come on! How hard could this really be?
Posted by Prndll (382 comments )
Reply Link Flag
Another opinion
As the product manager for Spyware Blocker at EarthLink, it probably isn't much of a surprise that I have a differing opinion of the issue discussed here. I've posted some comments and another perspective over on protectionblog.net There's no doubt that this is a topic that will come up repeatedly as online threats change and anti-spyware tools mature.
Posted by Tom Collins (2 comments )
Reply Link Flag
Another opinion
As the product manager for Spyware Blocker at EarthLink, it probably isn't much of a surprise that I have a differing opinion of the issue discussed here. I've posted some comments and another perspective over on protectionblog.net There's no doubt that this is a topic that will come up repeatedly as online threats change and anti-spyware tools mature.
Posted by Tom Collins (2 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.