As a user assistant for Harvard Arts and Sciences Computer Services, I have cleaned “spyware” off more students’ computers than I care to count. This software can fill up your computer’s hard drive, take over your Internet browser and compromise your privacy. Spyware has garnered wide publicity in the news and word-of-mouth infamy on campus, yet the federal government has done next to nothing to combat this scourge.
There is a fine distinction between dangerous spyware and adware, a more benign type of program. Often included with free software programs, adware legitimately helps free software makers stay in business by providing advertising dollars.
As with spyware, adware entails some compromise of your privacy. Adware often collects information on your browsing habits and sends that information back to the adware company to personalize ad content. But how the adware company uses this information, as well as how the adware was installed and how the adware resides on your computer, determines whether the program is just adware, or spyware.
Spyware’s hazy definition makes it hard to regulate. Go anywhere on the Internet today, and this lack of regulation will be only too clear. The most popular way for spyware companies to install their software is by piggy-backing on the installation of other programs. These piggy-backed applications will rarely show up in the Add/Remove Programs control panel on a PC, since they are not meant to be uninstalled without the original program losing its functionality.
If the software maker is kind, the legalese in the “End-User License Agreement” (EULA) to which you must agree to before you start the installation will mention these extra programs. The outrageous thing is that, technically, software makers are not required to have a EULA or even to secure your permission before downloading onto your computer.
When a window randomly pops up in Internet Explorer asking if you want to install a piece of software from an unknown company, that is spyware. Partly due to America’s lack of online privacy regulations, and partly due to the technical nature of this problem, legislators have only just begun to address seriously spyware’s threat to privacy and security. In August, Rep. Mary Bono, R-Calif., introduced a law that would mandate that spyware companies be more open with their EULAs and privacy statements. Yet thanks to public outrage and the threat of anti-spyware programs, many “legitimate” spyware companies already effectively obey this law. The true target of Bono’s law should be the most dangerous type of spyware: viruses masquerading as legitimate software.
If you do not secure your computer with an antivirus program and a firewall, this kind of spyware will find its way onto your computer. Using security holes in AOL Instant Messenger, Internet Explorer and other popular programs, these parasitic spyware applications can auto-install themselves and harvest your personal information after just one mistaken mouse-click. Unfortunately, it will be hard for Congress to regulate this kind of spyware. Just as spammers and virus coders are rarely found, so the creators of this kind of spyware will be hard to identify and punish. To address this problem in part, Bono’s law should prescribe harsh penalties for the Internet service providers that host the servers to which the spyware reports back.
Since Congress does not seem to see spyware as a priority right now, we are on our own for the moment. Protect yourself with anti-virus and anti-spyware software and a good firewall, and you will be fine 99 percent of the time.
Alex Slack ’06 is a history concentrator in Leverett House. He is a user assistant.
Read more in Opinion
The Moviegoer Easy Rider at the Charles Street Cinema