Dell backs spyware education drive

Although as many as 90 percent of U.S. home computers have been infected with spyware at some time, a majority of PC owners don't know how to solve the problem, according to a poll released Friday.

The findings come in a report from the newly formed Consumer Spyware Initiative, a joint effort by Dell Computer and the nonprofit Internet Education Foundation that aims to increase awareness of spyware.

Spyware is a term used to describe software that can monitor user behavior and display unwanted advertising. It can often significantly slow down a computer. The new initiative hopes to reach 63 million American Internet users over the next year to show them how to identify and eliminate spyware infections, its backers said.

"We've been focused on arming our customers with the information and tools they need to combat this problem," said Mike George, general manager of Dell's U.S. Consumer Business, in a statement. "Through this process, we've seen that education is our best counterintelligence against the threat of spyware."

The spyware issue has been increasingly visible in news and policy circles over the past month. The Federal Trade Commission filed its first lawsuit against an alleged spyware distributor last week, and Congress is close to passing several bills regulating the practice.

The Internet Education Foundation's Web site has recommendations for minimizing the impact of the potentially annoying software.

[Not Bugged]

Treat the source, Luke!

Why doesn't Dell treat the cause instead of the effect of SpyWare? Wouldn't advising people not to use IE have more of a positive effect than removing the problems IE cause?

[dmehus]

IE is not the only problem

IE is only partially the problem, caused by having ActiveX enabled in the browser. Disabling this fixes it (as does upgrading to Microsoft Windows XP Service Pack 2, though I haven't done that yet). Besides, not everyone wants Firefox. There are some (mostly cosmetic and interface) issues with Firefox that I don't like and can't seem to wrap my head around, preventing me from switching.

As I said, IE is only partially responsible for spyware. Peer-to-peer file trading software is a big culprit, as is -- surprise, surprise -- people downloading adware directly from the source because they think Date Manager and Precision Time sound like "totally cool" pieces of software.

Cheers,
Doug

[Tex Murphy PI]

Again, oversimplifying the problem

It would be nice if it were as simple as switching out browsers from IE to <name your favorite browser> - but the realities are far more varied than you mislead people into thinking.

The problems can be categorized into the following areas:
1) ActiveX is a big culprit - okay, it's a HUGE culprit. Because ActiveHEX allows a malicious programmer to do so much damage to a system, it has become a convenient vehicle to launch attacks on a system. However, a lot of sites have ActiveHex on their sites, and they fail to work when disabled.
Only MS can fix this issue by restricting its ability - thereby forcing the industry to recode their sites to a "safer" level.

2) End-User-Licensing agreements. Many spyware programs are actually commerically available programs that are installed with consent to installing paying spyware programs. DIVX and eDonkey are excellent examples of this. These programs note that they do install spyware onto the user's computer - the problem is that nobody reads the EULA, which is overly long and complicated. Laws must address the EULA's overly long and complicated nature. This way, companies can't hide behind the: "It's in the EULA you agreed to" defence.

3) Dumb Users. Yes, the victims themselves are part of the problem. Everyone who has ever used a computer has instinctively clicked on the "I Agree" or "OK" button so many times without even reading what the dumb thing is asking us. Many spyware installations can be circumvented by taking time to read what the installation programs are asking us, rather than accepting the defaults.

4) Dumber users Pt2. If someone were to come up to you and tell you that they could install a new whiz-bang gadget on your car's engine or computer for free, would you let them? Of course not! So why don't they practice the same level of common sense on their computers? Downloading freeware from untrusted sites and installing them is just as dumb as that.

5) Social Engineering. Most users blindly open any email attachment they get. It's like a kid on Christmas day! Add to that number the people getting duped into openning programs from their fake "banks", fake "System administrators" and fake "ISPs" - and you've got a lot of avenues for installing more spyware. If the President of your country were to send you a parcel in the mail, would you open it? Again, common sense is lacking here.

Much of the problems of spyware can really be laid on the lap of inexperienced users who practice little, or no common sense when it comes to computing.

Yes, IE shares a lot of the blame for the ridiculously easy ActiveX viral mechanism, but that stupidity is actually dwarfed by the inability of the keyboard user to practice common sense.