|
 Imagine a world where you can handle all your personal business with just a couple of clicks. Paying bills, ordering tickets, finding a receipt, checking your vaccinations, searching for a book in the library or voting. Not all of this is a reality today, but it is not far off. And technology is not the barrier to achieving all of this. As usual, it is our willingness to adopt new technology. And maybe also a lack of trust.
Back to the near future: your personal data is no longer scattered across an array of binders and folders at home. Your pocket computer is used to store it all in an organized and structured way. It stores a digital record of your life. It can perform transactions on your behalf. It is your personality in cyberspace. But this computer is not alone. It must be hooked up to the world wide web if it is to serve you efficiently. And this is where it gets scary. This means that millions of cyberspace identities could be accessible to unscrupulous organizations anywhere in the world, all in the same organized form. It could take you hours to find a document in the old days; now it only takes milliseconds for hackers to profile your surfing habits. In the worst case scenario, that is.
Spyware is a common term for software that threatens the integrity of your personal data in cyberspace. This threat differs in many aspects from the well-known problem of viruses. Viruses and worms are typically written by teenagers wanting to show off their programming skills. They rarely intend to do harm, but are just too clueless to realise how much damage they cause. However, spyware is a different kettle of fish. The term itself is derived from the purpose of the software: to spy on someone, e.g. to harvest huge quantities of data for marketing purposes. Or in criminal activities, impersonating the spyware victim. Spyware is not digital graffiti. It is big business.
But wheres the problem? We already have antivirus software that is able to identify unwanted programs and remove them. Why cant the antivirus program just identify spyware and remove it like any ordinary virus? Well, its not that easy although it is actually that easy for the user. Anti-spyware is becoming a standard component of F-Secures antivirus products. However, from a vendors point of view, anti-spyware is a new, and quite different, kind of function. This is due to several technical, legal and practical factors.
The technical differences may be the most obvious. We are no longer dealing with a group of amateurs. A spyware program producer could very well be a professional organisation with quality engineering processes etc. They dont make stupid mistakes, and have much better resources to create working software. The spyware may also be embedded in a desirable software product, which of course is bad news for researchers trying to figure out how to remove the spyware.
The legal differences are also very important. Writing and disseminating viruses and programs that harm computers has already been criminalized in many countries. Spying on data in transit, such as e-mail, is typically illegal just in the same way as opening someone elses post. But stored data may not be protected in the same way. Spyware programs are often installed by the legitimate user of the system. That makes it hard to apply legislation against hacking. It is even more difficult if the spyware function is described in the license agreement that we all accept without reading before we install new software. As a result, the user actually grants the spyware legal rights to send personal data to the spyware vendor. This is a huge difference in comparison with viruses. Creators of viruses are criminals who are unable to defend their position, but spyware vendors can. They have big business to protect. This means that anti-spyware vendors must be careful. Every piece of spyware detected and halted must be well documented, and it must be possible to clearly demonstrate the undesired function it performs. The end user must also be able to decide whether or not to allow a suspected program to run. Spyware vendors cant complain if the legitimate user of a computer chooses to remove their software. But they can and will if an anti-spyware vendor makes a collective decision to crush their moneymaking machine.
 The practical difference between viruses and spyware becomes obvious when examining the technical and legal differences. The user must be more involved in the fight against spyware. This is partly a result of the legal difference, but also of the fact that spyware is often actually grey-ware. It may be hard to categorise a particular program as harmless or malicious: it depends on what the user wants and expects the software to do. You could very well consent to your surfing habits being monitored and targeted marketing being sent to you. You are the only one who can decide whether that is okay or not. You must have the freedom to accept this if you trust the vendor of the monitoring tool, or receive some benefit from participation. This means that the final decision to accept or reject suspected software must be made by the user. It cannot be automated as well as virus-purging. Helping the user to make this decision is a new challenge for anti-spyware vendors.
The world we imagined at the beginning is not science fiction. Our world today is not that far removed. Several of the core services from the scenario already exist today. Internet shopping is convenient. And criminals already run a well-established black market for stolen credit card numbers. The spyware problem is already here, even if we just have seen glimpses of future computer-based services. However, the good news is that anti-spyware is available. F-Secure is already shipping anti-spyware as a component of the F-Secure Internet Security 2005 and F-Secure Anti-Virus 2005 products, and other products will follow in the near future. Although you do have another option: you can refuse to use the computer, and do things on paper the old-fashioned way. I wonder how long well be able to do it that way before the electronic method becomes the only alternative?
Mikael Albrecht, Product Manager
  Begin |  Back
|
