Applications /

Spying on the flip side

By Mark Gibbs
Network World, 05/14/01

"Silent background use of an Internet 'back-channel' connection must be preceded by a complete and truthful disclosure of proposed back-channel usage, followed by the receipt of explicit, informed consent for such use. Any software communicating across the Internet absent these elements is guilty of information theft and is properly and rightfully termed Spyware."

- Definition of "spyware" by Steve Gibson of Gibson Research Corp.

Gearhead's alter ego, of "Backspin" fame, was recently taken to task by a reader for recommending a piece of software, the freeware version of a file transfer utility, because it contained spyware. And the reader has a good point.

Spyware, which is built into a number of shareware and freeware applications, is designed to fetch, cache and show ads, and then monitor and report on user behavior without informing users upfront that they will be monitored. Spyware is definitely to be distrusted in any situation.

The problem with spyware is you often don't know you have it! Many applications - usually those that have freeware versions - use advertising delivery systems that contain spyware provided by third parties.

Here's Gibson's summary of just such a third party, Aureate, now called Radiate: "It deliberately slips into the user's system secretly, uses the user's Internet back channel without the user's knowledge or permission, takes pains to remain secretly installed (instructing its hosting software to leave it installed upon the host's removal), masks its presence by deliberately suspending its use of the back channel in the [presence] of keyboard or mouse activity, and fails to disclose any of this to the typical user. . . .

"When you add to this the fact that the Aureate software has been conclusively found to be directly responsible for significant Windows system and Internet browser crashes, and that it is able to secretly download and cause Windows to execute any arbitrary program into the unsuspecting user's computer, it is indeed difficult to cut these people much slack."

The problem is spyware could not only be revealing private information about you but also could be a route for hackers to invade your PC or network (given the poor coding of most spyware, a hack attack by creating a buffer overflow is a real possibility). And some badly written spyware can cause your PC to crash because of the spyware's poor coding.

Gibson has developed a seven-point code of conduct for software that uses a back channel for reporting anything about a user's system, and an index of related software and the degree to which it complies with the code (see grc.com/oo/cbc.htm).

If you want to find out whether any applications on your PCs have spyware embedded, check out Lavasoft's Web site. The company offers a utility called Ad-aware that "is a free multispyware removal utility that scans your memory, registry and hard drives for known spyware and lets you remove it safely."

Next week, we'll take a closer look at this topic and what Ad-aware can find and correct.

Until then, download the program and let us know what you find - we think you'll be horrified.

Results to gearhead@gibbs.com.