Broadband Tech > Security > Security > A Guide to Spyware Comments Filed w/ the FTC

A Guide to Spyware Comments Filed w/ the FTC

I, for one, applaud your efforts in regard to helping the computing community with these issues.
I appreciate your inspiration, and admire your enthusiasm.
Best regards, Jack.
--
~Help find a cure for cancer~Proud Member Team Discovery

reply to eburger68
Hi Eric. I haven't gotten to check your links out yet, but certainly will. Thanks again for all your work and contributions in these battles.

reply to eburger68
Has Mike Healan of SpywareInfo made any comments yet? I
know that one of the things he's made it a personal crusade
to do is to make those that distribute homepage hijacking
spyware like CWS and Lop go to jail for doing so.
--
"Kayura or Badamon, whichever you are, you should know that I will never give up this battle. By the will of the Ancient, I shall succeed!" - Shuten (Anubis) from the Ronin Warriors.

I thought CWS helped to prevent hijacking. Are you saying that it is a hijacker of some type itself?

artesian79:

"CWS" stands for CoolWebSearch, one of the more prolific varieties of hijackware on the Net -- indeed, probably the worst of all time.

The application you're thinking of is Merijn's CWShredder, an application built to clean CWS-infected boxes.

Shuten Doji:

Mike hasn't filed comments yet.

Best,

Eric L. Howes

reply to eburger68
Hi All:

Those of you who have been following the run-up to the April 19 FTC Spyware Workshop will be interested to know that the FTC just posted 40 more comments (# 69-107) from the public on its web site:

»www.ftc.gov/os/comments/spyware/index.html

Unlike the previous batch of comments, which included a number of long statements and studies, this new batch of comments consists primarily of short statements from ordinary web users, IT administrators, computer shop owners, and others who have had the sorry luck to run into spyware. Their statements, while short, are powerful. Indeed many of them lay out in explicit terms the costs imposed by spyware on its many victims. This is just the kind of testimony needed to get the attention of folks in Washington D.C.

There is one longer set of comments that you may be interested in taking a look at:

# 104. Garfinkel (04/07/04)
»www.ftc.gov/os/comments/spyware/···nkel.pdf

Simson Garfinkel is the well-known author of at least a dozen books (I have his 2000 book on internet privacy, *Database Nation* sitting on my shelf right next to me, as well as his 1994 book on PGP). Garfinkel weighs in with a substantial proposal that he titles the "Pure Software Act of 2006," an extensive set of requirements for proper notice and labeling of software, its license terms, and functionality. He even has a proposed set of icons to go along with his labeling scheme -- an interesting read, to say the least.

The FTC is still taking comments, which you can file by using the email link on this page:

»www.ftc.gov/bcp/workshops/spyware/index.htm

See the end of my first post in this thread for links to tips and other information about filing comments.

Best,

Eric L. Howes

reply to eburger68
Too much info to take in right now, Eric. But you have my most sincere thanks for all you've done to combat malware and in providing all those links to the FTC stuff. I hope some good comes from all this.

Spyware/adware/malware....call it what you will, it's just a bunch of crap that infringes on our rights, invades our privacy and makes surfing a pain in the a**! Keep at it, dude! We all appreciate your efforts. Also, we all need to do what we can to get rid of this pox!

reply to eburger68
Eric,

Very interesting reading, Do you think that anything substantial will come about as a result of this workshop?

BTW, I posted a link to your Comments to the FTC Workshop in the Comcast Security forum.

Thanks for keeping us informed,
Bill
--
A clear conscience is usually the sign of a bad memory.

reply to eburger68
Thanks Eric!

reply to wmccona
Bill:

You asked:

said by wmccona:

---

Do you think that anything substantial will come about as a result of this workshop?

---

Thanks for all the good information and links Eric.

reply to eburger68
Hi All:

Those who are following the run-up to the FTC's Spyware Workshop (now only one week away) will be interested to know that the FTC just posted a new batch of comments from the public (#108-119). As with the previous batch of comments posted last week, these comments are all from consumers and small business owners. All are to the point and extremely useful in detailing the unwelcome and burdensome costs of spyware to ordinary users and businesses.

»www.ftc.gov/os/comments/spyware/index.html

The FTC seems to be updating the comments page fairly regularly now, so if you do submit comments in the next few days, I would expect (though obviously cannot guarantee) that your comments would be posted before the workshop next Monday (April 19). The comment period does run until May 21, however.

Best,

Eric L. Howes

reply to eburger68
Hi All:

In what might be the last update before the FTC Spyware Workshop on Mon. April 19, the FTC just posted over 50 new comments (# 120-171) from the public. As with the last few batches of comments, most are from ordinary internet users, business owners, and tech support personnel, and all are damning in what they have to say about the problems of spyware. You can find these new comments here:

»www.ftc.gov/os/comments/spyware/index.html

Towards the end are two sets of comments that deserve special mention:

# 168 PC Pitstop (04/13/04)
»www.ftc.gov/os/comments/spyware/···stop.pdf

PC Pitstop submits a second set of comments, this time detailing the results of a new study on whether users were aware of installations of WhenU.com's software. As with its previous study on Claria/GAIN (see comment # 24), the results are not surprising at all. Interestingly, PC Pitstop did a study of AVG users to serve as a kind of baseline for their WhenU and Claria numbers, and the differences in awareness tell the whole story.

# 171 BillP Studios (04/14/04)
»www.ftc.gov/os/comments/spyware/···dios.pdf

The maker of WinPatrol provides pointed comments on all the major issues to be addressed in the Spyware Workshop. Definitely worth a read.

I certainly hope the FTC sits up and takes notice of all these useful comments. We'll see what happens on Monday.

Best,

Eric L. Howes

Good luck to you, and all the antispyware folks... I wish I could afford to attend this meeting, but unfortunately not possible at this time...

Go get'em.. AND if anyone from the FTC reads this forum.. PAY ATTENTION to Eric and the rest!!!!
--
Lost in Texas

reply to eburger68
Thanks for the further info Eric. Just as an aside, pretty weak submission from C2 media, when compared to those of Messrs. Edelman, Everett-Church, Levine and yourself (at least in my opinion). If "adware" promoters are sincere why not couch the EULA in clear and unambiguous language instead of hiding behind deliberate obscurity, incorporation by reference, boilerplate etc., and provide similar type instructions for removal of the software should the user wish to discontinue its use.

Edelman's submissions only serve to confirm the value of the so called "privacy statements" of some of the players in the "adware" game. The fact that there is litigation surrounding the exponents of adware certainly calls into question its claimed benignity in the practise of what C2 Media describes as "innovative new [advertising] technologies".

reply to eburger68
I just love Lop.com's "adware supports the Internet the way commercials support TV" argument. Last time I checked, if a user browses BroadbandReports.com and sees a Lop-generated pop-up ad, BroadbandReports.com doesn't see a single penny for the ad. The only thing they are supporting is themselves.
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/

reply to mens rea
mens rea:

You wrote:

said by mens rea:

---

Thanks for the further info Eric. Just as an aside, pretty weak submission from C2 media, when compared to those of Messrs. Edelman, Everett-Church, Levine and yourself (at least in my opinion).

---

reply to eburger68
Hi All:

Although the FTC's Spyware Workshop is now history (it took place last Monday, April 19), the FTC continues to accept comments from the public on the subject of spyware. The comment period is open until May 21.

Today the FTC posted yet another batch of comments (# 189-211). Along with the batch of comments from last week (# 172-188) there are several which demand notice and comment:

FTC Spyware Comments
»www.ftc.gov/os/comments/spyware/index.html

# 181: Lucas-2 (04/14/04)
»www.ftc.gov/os/comments/spyware/···cas2.pdf

In an earlier post I critiqued C2 Media's first batch of comments ( »Lop.com Goes to the FTC ). And, of course, the longest of the three documents that I submitted to the FTC is a step-by-step analysis of a C2 Media "drive-by-download"( »www.staff.uiuc.edu/~ehowes/dbd-anatomy.htm ). This second batch of comments from C2 Media is also worth a read, because Lucas frames these new comments as a reponse to the critiques of anti-spyware advocates. Although he doesn't point to my comments by name, it's pretty clear that he is in fact responding to my "drive-by-download" document, which uses a C2 Media as the central example. I won't bother responding to the several points he makes (though I do intend to at a later time). I think you'll find C2 Media's response less than convincing, because the majority of it simply consists of Lucas insisting on the "spyware" vs. "adware" distinction over and over, ignoring consumer experience with C2 Media's software and the software of other companies that attempt to bill themselves as "adware" vendors.

# 189 Claria Corporation (04/16/04)
»www.ftc.gov/os/comments/spyware/···tion.pdf

Claria Corporation, previously known as Gator, submits comments that, like C2 Media's, simply rehash the "adware" vs. "spyware" distinction. As I remarked in my comments on Panel 2 at the FTC workshop (»FTC Spyware Workshop: 1st Impressions), Claria, like the advertising software industry (see WhenU's comments below), seems to think that if it simply repeats this "adware vs. spyware" line often enough, the reality of consumer complaints about and experiences with advertising software will somehow morph to fit its own preferred world view. The advertising software industry would have the public, the FTC, and legislators at the state and federal level believe that their software is different from this narrow class of admittedly bad software called "spyware," and that consumers have no complaint with its own allegedly innocuous advertising software. "Whatever consumers are complaining about," the industry alleges, "it certainly can't be *our* software."

# 197 Consumer Software Working Group (04/19/04)
»www.ftc.gov/os/comments/spyware/···cswg.pdf

This is the document that the Center for Democracy and Technology distributed at the workshop. It identifies several "bad practices" that it feels ought to be the focus of industry self-regulation efforts. As the CSWG explains:

said by CSWG:

---

We hope that this list of objectionable practices will help to focus technical, self-regulatory, regulatory and law enforcement efforts to protect consumers from inappropriate activities in a more targeted and effective manner, while avoiding unintended negative consequences for good actors and consumers alike. The Working Group believes that this is an area that could be ripe for self-regulatory efforts to craft industry principles to protect consumers and the marketplace.

---