 |
|
|
|
|
Spam, Spyware, Pop-ups, Adware, Scumware & More...SpamSince the inception of the PC some 25 years ago, there have been a few "killer apps" that have really spurred the growth of the computer industry. Among the first "killer apps" were programs such as WordStar and WordPerfect in the word processing field, Lotus 1-2-3 in spreadsheets and Ashton-Tate's dBase database programs. In the last 10 years the biggest "killer app" has been E-mail software. Email's been around for a while, longer than HTTP, MIME, and Unicode, but with the explosion of the internet's World Wide Web 'http' graphical interface, email programs have become a part of everyday life. MIME, Multipurpose Internet Mail Extensions, added the ability to do much more than just send "Plain Text" messages, among other things. It wasn't long after this explosion in emails that businesses and advertisers began to exploit this cheap method of attracting customers. What is Spam?Use of the term "spam" was adopted as a result of the Monty Python skit in which a group of Vikings sang a chorus of "spam, spam, spam . . . " in an increasing crescendo, drowning out other conversation. Hence, the analogy applied because UCE, Unsolicited Commercial Email, was drowning out normal discourse on the Internet. Basically, it is junk email. My ISP, Internet Service Provider, tracks the number of spam messages that cross it's Mail Servers each day. It is currently is a staggering 900,000 messages a day and they are tiny company compared to AOL and MSN. What is a Spammer?A Spammer is typically a person that is in the business of e-mail marketing that either harvests and sells email address or sends out mass mailing of advertisements to unsolicited recipients. How are Email Address harvestedThere are many ways email addresses are obtained. From posts to UseNet with your email address; from mailing lists; from web pages; from various web and paper forms; via an Ident daemon; from a web browser; from IRC and chat rooms; from finger daemons; AOL profiles; from domain contact points; by guessing & cleaning; from white & yellow pages; by having access to the same computer; from a previous owner of the email address; using social engineering; buying lists from others; and by hacking into sites. For a more through discussion of each of these methods there is an excellent article written by Uri Raz called How do spammers harvest email addresses ? What Microsoft is doing about Spam
SpyWare and Key LoggersWhat is SpyWare?Spyware is software or hardware installed on a computer without the user's knowledge which gathers information about that user for later retrieval by whomever controls the Spyware. Spyware can be broken down into two different categories, surveillance Spyware and advertising Spyware. Surveillance software includes key loggers, screen capture devices, and trojans. These would be used by corporations, private detectives, law enforcement, intelligence agencies, suspicious spouses, etc. There are also hardware key loggers. These typically plug between the back of your computer and keyboard. Advertising Spyware is software that is installed alongside other software or via ActiveX controls on the internet, often without the user's knowledge, or without full disclosure that it will be used for gathering personal information and/or showing the user ads. Advertising Spyware logs information about the user, possibly including passwords, email addresses, web browsing history, online buying habits, the computer's hardware and software configuration, the name, age, sex, etc of the user. As with spam, advertising Spyware uses the CPU, RAM, and resources of the user's computer, making the user pay for the costs associated with operating it. It then makes use of the user's bandwidth to connect to the internet and upload whatever personal information it has gathered, and to download advertisements which it will present to the user, either by way of pop up windows, or with the ad banners of ad-supported software. All of this can be considered theft in the cases of advertising Spyware that installs without disclosure. Perhaps you've experienced some of these tactics, such as InternetFuel's method of pelting you with pop-up advertisements as you leave a site, or Search-Explorer.com's mouse-over downloads that can cause software to be downloaded to your PC's hard drive after you merely roll your pointer across an advertisement. Programs from Brilliant Digital Entertainment, Cydoor Technologies, and Gator may ride along when you install downloaded file-sharing software or Internet utilities. Then there are those InternetAlert pop-up advertisements: They look like Windows' system warnings. There's nothing illegal about these actions, and they don't run afoul of any government regulations. Yet the targets of aggressive marketing, including consumers and businesses, must contend with the adverse impact on PC and network performance. And irritated Web surfers have made their feelings abundantly clear on gripe sites. "What I don't understand is why this...isn't illegal," wrote one typical poster at Spywareinfo.com, which tracks online privacy issues. "Seems like a clear form of cyberterrorism to me." Why is it called "Spyware" ?While this may be a great concept, the downside is that the advertising companies also install additional tracking software on your system, which is continuously "calling home", using your Internet connection and reports statistical data back to the "mothership". While according to the privacy policies of the companies, there will be no sensitive or identifying data collected from your system and you shall remain anonymous, it still remains the fact, that you have a "live" server sitting on your PC that is sending information about you and your surfing habits to a remote location... Are all Adware products "Spyware"?No, but the majority are. There are also products that do display advertising but do not install any tracking mechanism on your system. These products are not indexed in our database. Is Spyware illegal?Even though the name may indicate so, Spyware is not an illegal type of software in any way. However there are certain issues that a privacy oriented user may object to and therefore prefer not to use the product. This usually involves the tracking and sending of data and statistics via a server installed on the user's PC and the use of your Internet connection in the background. What's the hype about?While legitimate adware companies will disclose the nature of data that is collected and transmitted in their privacy statement, there is almost no way for the user to actually control what data is being sent. The fact is that the technology is in theory capable of sending much more than just banner statistics - and this is why many people feel uncomfortable with the idea. For listing of know SpyWare programs, cexx.org has an excellent site. What Can You Do About Spyware?
Pop-ups, Adware, ScumwareMore than 25 percent of top Web destinations now use some kind of in-your-face marketing tactics, according to the Internet research firm Cyveillance. Perhaps you've experienced some of these tactics, such as InternetFuel's method of pelting you with pop-up advertisements as you leave a site, or Search-Explorer.com's mouse-over downloads that can cause software to be downloaded to your PC's hard drive after you merely roll your pointer across an advertisement. Programs from Brilliant Digital Entertainment, Cydoor Technologies, and Gator may ride along when you install downloaded file-sharing software or Internet utilities. Then there are those InternetAlert pop-up advertisements: They look like Windows' system warnings. There's nothing illegal about these actions, and they don't run afoul of any government regulations. Rudy Grahn, an analyst for Jupiter Research, says advertising regulations--which historically have been aimed at broadcast and print media--simply haven't yet caught up with the latest online strategies. Fueling this ad explosion was an estimated $9.6 billion that the GartnerG2 research firm said would be spent on Internet advertising in 2002. Web sites can earn bounties for snagging your attention, your browser, your hard drive, or your name. For example, sites can earn up to 5 cents for each visitor who installs marketing software from the Webmaster Revenue Network, according to the company's Web site. They can collect as much as 20 cents for learning your zip code and e-mail address, say people who are familiar with the industry. And Web sites that ran those ubiquitous advertisements for X-10 wireless cameras may have earned up to $45 for each $90 sale they generated, according to Pesach Lattin, who is the author of the online marketing e-newsletter Adbumb. Adds Lattin: "The reason there's an upsurge in advertising sleazeware is because it works." While most marketing software requires the user to click his or her assent before it installs, some newer technologies bypass this step. For example, sites ran an ad that automatically downloaded a toolbar from Search-Explorer.com if the user moved their mouse over the ad while their browser was set to a low level of security. AdPowerZone, which created the toolbar, says it has the ability to track "every Web site the user visits, allowing our advertisers to send special offers to our users in real time while they are online." About 1.3 million people downloaded the software over a four-week period, the firm says. These, in your face, advertising browser windows are annoying and often crass. They waste time, interfere with browsing, and generally deserve to be annihilated. Yes, I know, even wonderful sites like PCWorld.com sometimes use pop-ups. Nevertheless, they must die. Internet service giant America Online is being sued by a group of its subscribers who allege that the company shipped them merchandise they didn't order and then billed them for it. In a lawsuit filed in federal court in San Francisco, three Californians who subscribe to AOL charge that the merchandise, which includes a $10 AOL desk planner, a $74 "bed-in-a-bag" and a $171 digital CD player, was offered to them in pop-up ads when they logged into their AOL Internet accounts. Even though they clicked the "No Thanks" buttons on their computer screens, the merchandise arrived at their homes later and they received bills for the goods. If pop-ups afflict you, I'm willing to bet that you use Internet Explorer. That's because the current versions of every major Windows-compatible browser--except Microsoft's--offer settings (often hard to find) that block pop-ups and pop-unders. What Can You Do About Pop-ups?
Hackers...Hackers, in one form or another have been around since the 60's. The Learning Channel has an excellent article called A Brief History of Hacking, that is very informative. Hacker's are not necessarily all bad people. Some very good software and hardware advances have come forth as a result of their work. Even today there are individuals and organizations that continually investigate security leaks in computer system networks, email programs and internet browsers. These people are Old School Hackers. Similar to a Witch-of-the-North from Oz. Then there are the Script Kiddies, or Cyber-Punks: Most commonly what the media calls "hackers." These are the kids, like Mafia Boy, who most frequently get caught by authorities because they brag online about their exploits. As an age group, they can be between 12 and 30 years old, they're predominantly white and male, and on average have a grade 12 education. Bored in school, very adept with computers and technology, they download scripts or hack into systems with the intent to vandalize or disrupt systems. Possibly worse still are the Coders and Virus Writers: Not a lot of research has been done on these guys. They like to see themselves as an elite. They have a lot of programming background and write code but won't use it themselves. They have their own networks to experiment with, which they call "Zoos." They leave it to others to introduce their codes into "The Wild," or the Internet. This brings us up to the category of Hackers we can do without. These individuals are really thieves. Looking for vulnerable people that they can easily exploit or rob. Professional Criminals, or Crackers: These guys make a living breaking into systems and selling the information. They might get hired for corporate or government espionage. They may also have ties to organized criminal groups. Then there are the worst kind of Hackers. The Cyber Terrorist. Cyber terrorism is described as the use of computers to intimidate or destroy a population; armed with nothing more deadly than a hard drive and a keyboard, terrorists may be able to take control of the stock market, alter White House security codes — even change the formulas for prescription drugs. And what makes cyber terrorism so attractive to groups like al-Qaida is the fact that the Internet has no boundaries. There aren't any icy, mountainous borders to cross, no paperwork to present to suspicious customs officers. Instead, terrorists can use cyberspace to access extremely sensitive information and to spread their doctrine further than ever. Recently, Sheikh Omar Bakri Muhammad (a Syrian-born fundamentalist Muslim cleric who's been linked to several of the Sept. 11 hijackers) said that Islam justifies the use of "all types of technologies" in the defense of Muslim lands. To that end, Bakri claimed that Jihad groups are active on the Internet. What Can You Do About Hackers?
|
|
