Feds take aim at spyware, but IT isn't optimistic
Many purveyors of spam are beyond the reach of two proposed laws, tech pros say
Computerworld - Two bills passed by the U.S. House of Representatives this week could make it easier for law enforcement officials to prosecute purveyors of spyware and help security vendors develop tools aimed at blocking the programs.
But the international nature of the problem makes it unlikely that the proposed U.S. laws will do much to stanch the spread of spyware, several IT managers said this week.
"I'm very happy that they are trying to do something," said Steve Gelfound, IT operations manager at the Endangered Child Unit of the National Center for Missing & Exploited Children in Alexandria, Va. "But it's really hard to try and control the Internet."
Gelfound called the proliferation of spyware a global problem. "Until everybody agrees to get together and do something, it's going to be almost impossible to stop it," he said.
The two bills, which were approved by wide margins, would impose monetary penalties and jail terms for people who use spyware programs to gather information from computers, monitor usage and serve up advertisements without user consent. Both bills still have to be approved by the Senate and signed by President Bush.
Robert Olson, a systems administrator at Uline Inc., a Waukegan, Ill.-based distributor of packing and shipping materials, said he's "ecstatic" that Congress is taking action against spyware. "The biggest win we get out of this is the availability of a solid definition that antispyware vendors can start working with" to identify and block offending programs, he said.
But like Gelfound, Olson said stopping spyware coming from overseas won't be easy. "There's really no way to enact the penalties against somebody who is pushing these things from outside the country unless you get other governments to agree," he said.
The bills would establish a useful definition of what constitutes spyware, said Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa. "They provide a framework for deciding what exactly is good and what's bad."
Several vendors of antispyware tools have been sued by companies that serve up Internet advertising, claiming that their products were being erroneously identified as spyware. Lindstrom said the bills approved by the House "do a good job of assigning motives on people" in such cases.
One of the bills seeks to prohibit practices such as using spyware to hijack a user's Web browser, install programs that monitor keystrokes or modify PC settings (see story). The proposed law also requires prominent opt-in notices for all programs that monitor and collect information about the online activities of users.
The otherbill would make it illegal to use spyware programs to alter security settings or to access personal data for the purpose of defrauding users.
The proposed laws are good for dealing with "homegrown" spyware, said Jarrad Winter, network security manager at Western United Insurance Co. in Irvine, Calif. "But really, the most destructive stuff comes from overseas," he said. "So in the grand scheme of things, I don't think this will make a big difference."
What's also needed, Winter said, is a continuing focus on developing better technical fixes for identifying, weeding out and stopping spyware programs.
Read more about Gov't Legislation/Regulation in Computerworld's Gov't Legislation/Regulation Topic Center.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
- X-Ray of the PCI Process-4 Proactive Steps
- This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into... All Gov't Legislation/Regulation White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All Gov't Legislation/Regulation Webcasts